bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps

From: Michael Mauger
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Mon, 16 Dec 2019 15:12:32 +0000

-------- Original Message --------
On Dec 15, 2019, 11:59 PM, Andrew Hyatt < ahyatt@gmail.com> wrote:
> Any input on this?  I believe this fixes the issue, and would prefer to
> revise this while I still remember the details.  I'm happy to submit this
> as well.

>> On Mon, Nov 11, 2019 at 12:31 AM Andrew Hyatt <ahyatt@gmail.com> wrote:

>> I've simplified an implementation along the lines you suggest, and
>> tested it via ert. I'm attaching the latest version of the patch.
>> Please let me know what you think.

I apologise for not getting back to you sooner-- a new job and the holidays have consumed much of my time. My initial look at your latest patch raised some concerns but I haven't done any deeper look yet. I'll try to take a look in the next week or so. If you don't hear back from me after the new year, then let's merge it and we'll address the issues from there. (I know I mentioned this before but I don't remember the status-- do you have your copyright paperwork all set for Emacs contributions?)

I think my thought was that it may make sense to push some of this back onto comint rather than a convoluted sql-only solution, but that may require some more negotiation. As I looked at it, using a comint hook might serve auth services as well.

Sorry about the silence, you have not been forgotten just buried in end-of-year turmoil :)

--
MICHAEL@MAUGER.COM // FSF and EFF member // GNU Emacs sql.el maintainer
reply via email to
[Prev in Thread] Current Thread [Next in Thread]