bug-gnu-emacs

bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps


From: Michael Mauger
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Wed, 18 Dec 2019 12:45:27 +0000

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, December 18, 2019 6:15 AM, Andrew Hyatt <ahyatt@gmail.com> wrote:

> Hi Michael,
>
> I'm happy to merge this in.  I have FSF paperwork done and already have 
> commit access.
>
> However, I agree with you about pushing logic into comint.  As I mentioned 
> before, it would help simplify the logic here.  It might be best to not check 
> this in and see what an alternate solution might be first, based on comint.  
> I can work on that soon and get a patch out in the next week or so.
>
> On Mon, Dec 16, 2019 at 10:12 AM Michael Mauger <mmauger@protonmail.com> 
> wrote:
>
> > -------- Original Message --------
> > On Dec 15, 2019, 11:59 PM, Andrew Hyatt <ahyatt@gmail.com> wrote:
> > > Any input on this?  I believe this fixes the issue, and would prefer to
> > > revise this while I still remember the details.  I'm happy to submit this
> > > as well.
> >

I had a chance to look at this last night; I've had a couple of days away from 
home and took advantage of it. Below is my first take on the changes to 
comint.el needed to add a hook that we could use in sql.el to supply the 
password. I think we ought to run this by emacs-devel and Eli before merging it.

*** /usr/local/share/emacs/27.0.50/lisp/comint.el       2019-12-18 
07:26:14.268274791 -0500
--- /home/michael/my-config/user-lisp/override/comint.el        2019-12-17 
23:10:08.433852481 -0500
***************
*** 2356,2361 ****
--- 2356,2368 ----
  ;; saved -- typically passwords to ftp, telnet, or somesuch.
  ;; Just enter m-x comint-send-invisible and type in your line.

+ (defvar comint-password-function nil
+   "Abnormal hook run when prompted for a password.
+ This function gets one argument, a string containing the prompt.
+ It may return a string containing the password, or nil if normal
+ password prompting should occur.")
+ (put 'comint-password-function 'permanent-local t)
+
  (defun comint-send-invisible (&optional prompt)
    "Read a string without echoing.
  Then send it to the process running in the current buffer.
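
Review bot: The docstring of `comint-password-function` calls it an "abnormal hook", but the variable holds a single function that `comint-send-invisible` calls with `funcall`, so a hook-style list of functions would not work; word it as "Function to call when prompted for a password" so nobody tries `add-hook` on it. The `(put 'comint-password-function 'permanent-local t)` line also needs a comment or a docstring sentence: it only matters when the variable is set buffer-locally, and it means a password supplier installed for one buffer stays attached to that buffer across a major-mode change.
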
***************
*** 2370,2377 ****
           (format "(In buffer %s) "
                   (current-buffer)))))
      (if proc
!       (let ((str (read-passwd (concat prefix
!                                       (or prompt "Non-echoed text: ")))))
          (if (stringp str)
              (progn
                (comint-snapshot-last-prompt)
--- 2377,2389 ----
           (format "(In buffer %s) "
                   (current-buffer)))))
      (if proc
!       (let ((prefix-prompt (concat prefix
!                                    (or prompt "Non-echoed text: ")))
!             str)
!         (when comint-password-function
!           (setq str (funcall comint-password-function prefix-prompt)))
!         (unless str
!           (setq str (read-passwd prefix-prompt)))
          (if (stringp str)
              (progn
                (comint-snapshot-last-prompt)
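
Review bot: The `(unless str ...)` fallback only covers a nil return, so a `comint-password-function` that returns a non-nil value that is not a string skips `read-passwd` and then fails the `(stringp str)` test without the user ever being prompted; use `(unless (stringp str) ...)` or signal an error on a bad return value. Separately, the function is handed `prefix-prompt`, which may begin with the "(In buffer %s) " prefix built just above, so a function that matches on the prompt text can see two different strings for the same prompt; pass the unprefixed prompt to the function and keep the prefix for `read-passwd`, or state in the docstring that the prefix may be present.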


Let me know your thoughts.

--
MICHAEL@MAUGER.COM // FSF and EFF member // GNU Emacs sql.el maintainer





