From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Albinus
Newsgroups: gmane.emacs.bugs
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Mon, 30 Dec 2019 19:34:38 +0100
Message-ID: <87imlxu0g1.fsf@gmx.de>
References: <83r211372b.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
To: Andrew Hyatt
Cc: Michael Mauger, 8427@debbugs.gnu.org, stefan@marxist.se
X-GNU-PR-Message: followup 8427
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
In-Reply-To: (Andrew Hyatt's message of "Mon, 30 Dec 2019 10:11:54 -0500")
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"

Andrew Hyatt writes:

> --- a/etc/NEWS > +++ b/etc/NEWS > > +--- > +**** sql now supports sending of passwords in-process. > +To improve security, if a sql product has ':password-in-comint' set to > +true, a password supplied via the minibuffer will be sent in-process, > +as opposed to via the command-line.

I would say non-nil instead of true. Or do you mean t?
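
Review bot: the added NEWS paragraph makes the protection conditional ("if a sql product has ':password-in-comint' set to") but does not say which products have the property set, or that a product without it still receives the password on the command line. A reader cannot tell from this entry whether their product is covered, so it should name the products that set the property, or point to where it is set, and state that the command-line behaviour is unchanged for the others. The entry also covers only "a password supplied via the minibuffer"; it is worth saying how a password that comes from elsewhere is passed.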