On Sat, Oct 5, 2019 at 11:28 PM Stefan Kangas wrote: > Hi Andrew, > > Andrew Hyatt writes: > > > This is fairly easy to fix - mysql can check to see if the user entered > > a blank for the password prompt, and instead of not sending a password, > > send just the "--password" argument so the user can enter it into the > > process instead of the command line. I have a fix ready to check in > > that works for mysql (I'm not sure which other products support that). > > I think using an empty "--pasword" parameter sounds like the right fix. > That makes mysql prompt for the password, and we could supply it there > instead. I guess that's what you meant? > > Could you perhaps send your patch here for review? > I no longer know where my changes are. It's been a while. But I think I can probably recreate them, which I'll try to do this week. > > > Alternatively, we can just have a variable that controls whether > > passwords are asked for on the command line at all (if sql-password is > > unset), which could default to nil, making the security better by > > default. > > I'm not sure what this means, but I guess the above fix should be > enough. Perhaps I'm missing something. > The idea is that instead of connecting with the --password arg, it can be left out entirely, in which case the program should ask for it (which is secure). > > > BTW, I guess the attack here is that another user process can use > > something like strace to snoop on emacs's child processeses and obtain > > the mysql password? > > Well, according to the threads linked earlier this can still be a > problem on Solaris, where the password is visible to all users if they > just run "ps". Perhaps it's been fixed since whenever these comments > were written though... > > Stefan Monnier writes: > > > >>> Apparently, no they cannot, since mysql replaces the password > characters > >>> with x's: > >> > >> Of course, that still leaves the chars exposed during a short time > window. > > And as Stefan explains here the password is still exposed during a > short time window even on GNU/Linux. AFAIU, it's a possible race > attack which it would be nice to avoid. > Yes, I think the solutions I presented should fix this. Stay tuned for a patch. > > Best regards, > Stefan Kangas >