From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 27 20:33:39 2014 Received: (at submit) by debbugs.gnu.org; 28 Mar 2014 00:33:39 +0000 Received: from localhost ([127.0.0.1]:53382 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WTKjq-0005uq-7e for submit@debbugs.gnu.org; Thu, 27 Mar 2014 20:33:38 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51832) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WTKjn-0005uh-84 for submit@debbugs.gnu.org; Thu, 27 Mar 2014 20:33:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WTKjf-0007Uc-58 for submit@debbugs.gnu.org; Thu, 27 Mar 2014 20:33:35 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:34402) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WTKjf-0007UN-2m for submit@debbugs.gnu.org; Thu, 27 Mar 2014 20:33:27 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53527) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WTKjY-0007gx-26 for bug-gnu-emacs@gnu.org; Thu, 27 Mar 2014 20:33:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WTKjO-0007SP-Hl for bug-gnu-emacs@gnu.org; Thu, 27 Mar 2014 20:33:19 -0400 Received: from gproxy3-pub.mail.unifiedlayer.com ([69.89.30.42]:58906) by eggs.gnu.org with smtp (Exim 4.71) (envelope-from ) id 1WTKjO-0007Rw-7R for bug-gnu-emacs@gnu.org; Thu, 27 Mar 2014 20:33:10 -0400 Received: (qmail 19651 invoked by uid 0); 28 Mar 2014 00:33:05 -0000 Received: from unknown (HELO cmgw4) (10.0.90.85) by gproxy3.mail.unifiedlayer.com with SMTP; 28 Mar 2014 00:33:05 -0000 Received: from host393.hostmonster.com ([66.147.240.193]) by cmgw4 with id ivYy1n0014B3kjm01vZ1VG; Fri, 28 Mar 2014 01:33:04 -0600 X-Authority-Analysis: v=2.1 cv=L+eOHYj8 c=1 sm=1 tr=0 a=GZ6qK+eS4AuCRVUKGEKC+Q==:117 a=GZ6qK+eS4AuCRVUKGEKC+Q==:17 a=DsvgjBjRAAAA:8 a=f5113yIGAAAA:8 a=4GsTxW34auoA:10 a=CmHQntskcbMA:10 a=lfvU_ReahkwA:10 a=ngU5ixn2AAAA:8 a=fWyWhr6xdMwA:10 a=X89makJshVou16Vl_e8A:9 a=7ynzpamQKdIA:10 a=8f8W8ubuCwcA:10 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbtrap.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=3SEPhORvyMA5RnwDJhzP4qUZvqZT2WTVsPyAVMmotkk=; b=tGKC8JKntrCluiVZPSJOeo3uWiauVUb+uXdtVtrn8syBxv6++3qvXVGBZtQAFyMnxRT+UHePi+y0pygtXqRHL2Q2VKHGo0q3b/9gjFK6PGpwS6ALKFwE11v8LxYMR0lb; Received: from [50.90.253.209] (port=52776 helo=Nathan-GNU) by host393.hostmonster.com with esmtpsa (TLSv1.2:CAMELLIA128-SHA:128) (Exim 4.82) (envelope-from ) id 1WTKjD-0002A2-5V for bug-gnu-emacs@gnu.org; Thu, 27 Mar 2014 18:32:59 -0600 From: Nathan Trapuzzano To: bug-gnu-emacs@gnu.org Subject: `call-process' circumvents password concealment w/ `read-passwd' Date: Thu, 27 Mar 2014 20:32:55 -0400 Message-ID: <871txntb60.fsf@nbtrap.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Identified-User: {1585:host393.hostmonster.com:nbtrapco:nbtrap.com} {sentby:smtp auth 50.90.253.209 authed with nbtrap@nbtrap.com} X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.3 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.3 (----) To reproduce with emacs -nw -q on 24.3 and trunk: M-: (global-set-key (kbd "C-c C-c") (lambda () (interactive) (call-process "echo" nil t nil "-n" "foobar"))) M-: (read-passwd "Password: ") C-c C-c "foobar" is printed in the minibuffer rather than "......", whereas, e.g., yanking from the kill ring print dots. From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 27 22:04:38 2014 Received: (at 17127) by debbugs.gnu.org; 28 Mar 2014 02:04:39 +0000 Received: from localhost ([127.0.0.1]:53421 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WTM9u-0008H1-8P for submit@debbugs.gnu.org; Thu, 27 Mar 2014 22:04:38 -0400 Received: from chene.dit.umontreal.ca ([132.204.246.20]:49623) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WTM9r-0008Gs-DH for 17127@debbugs.gnu.org; Thu, 27 Mar 2014 22:04:36 -0400 Received: from fmsmemgm.homelinux.net (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s2S24rE7012331; Thu, 27 Mar 2014 22:04:53 -0400 Received: by fmsmemgm.homelinux.net (Postfix, from userid 20848) id 971D9AE3F7; Thu, 27 Mar 2014 22:04:32 -0400 (EDT) From: Stefan Monnier To: Nathan Trapuzzano Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Message-ID: References: <871txntb60.fsf@nbtrap.com> Date: Thu, 27 Mar 2014 22:04:32 -0400 In-Reply-To: <871txntb60.fsf@nbtrap.com> (Nathan Trapuzzano's message of "Thu, 27 Mar 2014 20:32:55 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4894=0 X-NAI-Spam-Version: 2.3.0.9362 : core <4894> : inlines <659> : streams <1146045> : uri <1712068> X-Spam-Score: -1.7 (-) X-Debbugs-Envelope-To: 17127 Cc: 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) > To reproduce with emacs -nw -q on 24.3 and trunk: > M-: (global-set-key > (kbd "C-c C-c") > (lambda () > (interactive) > (call-process "echo" nil t nil "-n" "foobar"))) > M-: (read-passwd "Password: ") > C-c C-c This looks fairly contrived. How did you stumble upon this problem? Stefan From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 27 22:40:00 2014 Received: (at 17127) by debbugs.gnu.org; 28 Mar 2014 02:40:00 +0000 Received: from localhost ([127.0.0.1]:53437 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WTMi7-0000ju-Jb for submit@debbugs.gnu.org; Thu, 27 Mar 2014 22:39:59 -0400 Received: from gproxy2-pub.mail.unifiedlayer.com ([69.89.18.3]:55841) by debbugs.gnu.org with smtp (Exim 4.80) (envelope-from ) id 1WTMi2-0000ji-Pk for 17127@debbugs.gnu.org; Thu, 27 Mar 2014 22:39:56 -0400 Received: (qmail 20951 invoked by uid 0); 28 Mar 2014 02:39:51 -0000 Received: from unknown (HELO cmgw4) (10.0.90.85) by gproxy2.mail.unifiedlayer.com with SMTP; 28 Mar 2014 02:39:51 -0000 Received: from host393.hostmonster.com ([66.147.240.193]) by cmgw4 with id ixfl1n00D4B3kjm01xfoNX; Fri, 28 Mar 2014 03:39:50 -0600 X-Authority-Analysis: v=2.1 cv=L+eOHYj8 c=1 sm=1 tr=0 a=GZ6qK+eS4AuCRVUKGEKC+Q==:117 a=GZ6qK+eS4AuCRVUKGEKC+Q==:17 a=DsvgjBjRAAAA:8 a=f5113yIGAAAA:8 a=4GsTxW34auoA:10 a=-WKLDjVvHWAA:10 a=lfvU_ReahkwA:10 a=ngU5ixn2AAAA:8 a=fWyWhr6xdMwA:10 a=r0oDxNsHx84vvuxIQe4A:9 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbtrap.com; s=default; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:References:Subject:Cc:To:From; bh=QoPYtzkAgUcoagRDuEvXNdy30/DOcccrJSdf4bLjnbM=; b=fGAcYareKlh0hJbhTOugAA60VpdvBkQJ8yyVFZMtFyHD5BdaCgajlOcfr1AnqZN2z9BsapcVkgstXPe7fmCEvLhqZIfmS33YHYPP3VXI2tNfl5Ih9LQWiGdQKdP3duIE; Received: from [50.90.253.209] (port=54006 helo=Nathan-GNU) by host393.hostmonster.com with esmtpsa (TLSv1.2:CAMELLIA128-SHA:128) (Exim 4.82) (envelope-from ) id 1WTMhu-00069O-Ns; Thu, 27 Mar 2014 20:39:46 -0600 From: Nathan Trapuzzano To: Stefan Monnier Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' References: <871txntb60.fsf@nbtrap.com> Date: Thu, 27 Mar 2014 22:39:41 -0400 In-Reply-To: (Stefan Monnier's message of "Thu, 27 Mar 2014 22:04:32 -0400") Message-ID: <87ha6jcahe.fsf@nbtrap.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Identified-User: {1585:host393.hostmonster.com:nbtrapco:nbtrap.com} {sentby:smtp auth 50.90.253.209 authed with nbtrap@nbtrap.com} X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17127 Cc: 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Stefan Monnier writes: > This looks fairly contrived. How did you stumble upon this problem? Copy/pasting passwords from console password manager to emacs running on terminal emulator in X. The built-in copy/paste functionaly for the X clipboard only works (AFAIK) with graphical emacs, so I use my own commands to make it work on a terminal. Here's the one that made me catch it: (defun paste-from-X-clipboard () "Insert the X clipboard contents at point." (interactive) (call-process "xclip" nil t nil "-selection" "clipboard" "-o")) I use that to paste passwords when, e.g., finding remote files via ssh/TRAMP. From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 29 10:35:32 2019 Received: (at 17127) by debbugs.gnu.org; 29 Sep 2019 14:35:32 +0000 Received: from localhost ([127.0.0.1]:55405 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iEaIL-0000WM-6A for submit@debbugs.gnu.org; Sun, 29 Sep 2019 10:35:32 -0400 Received: from quimby.gnus.org ([80.91.231.51]:56004) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iEaII-0000WD-M6 for 17127@debbugs.gnu.org; Sun, 29 Sep 2019 10:35:27 -0400 Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iEaIE-0001uZ-7r; Sun, 29 Sep 2019 16:35:24 +0200 From: Lars Ingebrigtsen To: Nathan Trapuzzano Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' References: <871txntb60.fsf@nbtrap.com> Date: Sun, 29 Sep 2019 16:35:22 +0200 In-Reply-To: <871txntb60.fsf@nbtrap.com> (Nathan Trapuzzano's message of "Thu, 27 Mar 2014 20:32:55 -0400") Message-ID: <87y2y7gogl.fsf@gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Nathan Trapuzzano writes: > To reproduce with emacs -nw -q on 24.3 and trunk: > > M-: (global-set-key > (kbd "C-c C-c") > (lambda () > (interactive) > (call-process "echo" nil t nil "-n" "foobar"))) > > M-: (read-passwd "Passw [...] Content analysis details: (-2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17127 Cc: 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Nathan Trapuzzano writes: > To reproduce with emacs -nw -q on 24.3 and trunk: > > M-: (global-set-key > (kbd "C-c C-c") > (lambda () > (interactive) > (call-process "echo" nil t nil "-n" "foobar"))) > > M-: (read-passwd "Password: ") > > C-c C-c > > "foobar" is printed in the minibuffer rather than "......", whereas, > e.g., yanking from the kill ring print dots. The following patch fixes this, I think, by using post-command-hook instead of after-change-functions. It seems to work for me -- does anybody see a problem with doing it this way? diff --git a/lisp/subr.el b/lisp/subr.el index 45b99a82d2..9e4553dcbb 100644 --- a/lisp/subr.el +++ b/lisp/subr.el @@ -2426,6 +2426,12 @@ read-passwd-map map) "Keymap used while reading passwords.") +(defun read-password--hide-password () + (let ((beg (minibuffer-prompt-end))) + (dotimes (i (1+ (- (buffer-size) beg))) + (put-text-property (+ i beg) (+ 1 i beg) + 'display (string (or read-hide-char ?*)))))) + (defun read-passwd (prompt &optional confirm default) "Read a password, prompting with PROMPT, and return it. If optional CONFIRM is non-nil, read the password twice to make sure. @@ -2450,15 +2456,7 @@ read-passwd (message "Password not repeated accurately; please start over") (sit-for 1)))) success) - (let ((hide-chars-fun - (lambda (beg end _len) - (clear-this-command-keys) - (setq beg (min end (max (minibuffer-prompt-end) - beg))) - (dotimes (i (- end beg)) - (put-text-property (+ i beg) (+ 1 i beg) - 'display (string (or read-hide-char ?*)))))) - minibuf) + (let (minibuf) (minibuffer-with-setup-hook (lambda () (setq minibuf (current-buffer)) @@ -2469,7 +2467,7 @@ read-passwd (use-local-map read-passwd-map) (setq-local inhibit-modification-hooks nil) ;bug#15501. (setq-local show-paren-mode nil) ;bug#16091. - (add-hook 'after-change-functions hide-chars-fun nil 'local)) + (add-hook 'post-command-hook 'read-password--hide-password nil t)) (unwind-protect (let ((enable-recursive-minibuffers t) (read-hide-char (or read-hide-char ?*))) @@ -2479,7 +2477,8 @@ read-passwd ;; Not sure why but it seems that there might be cases where the ;; minibuffer is not always properly reset later on, so undo ;; whatever we've done here (bug#11392). - (remove-hook 'after-change-functions hide-chars-fun 'local) + (remove-hook 'after-change-functions 'read-password--hide-password + 'local) (kill-local-variable 'post-self-insert-hook) ;; And of course, don't keep the sensitive data around. (erase-buffer)))))))) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 12 23:16:13 2019 Received: (at 17127) by debbugs.gnu.org; 13 Oct 2019 03:16:14 +0000 Received: from localhost ([127.0.0.1]:34686 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJUMd-0005n8-Od for submit@debbugs.gnu.org; Sat, 12 Oct 2019 23:16:13 -0400 Received: from quimby.gnus.org ([80.91.231.51]:47676) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJUMb-0005ko-Hn for 17127@debbugs.gnu.org; Sat, 12 Oct 2019 23:16:09 -0400 Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iJUMW-0003p4-4G; Sun, 13 Oct 2019 05:16:08 +0200 From: Lars Ingebrigtsen To: Nathan Trapuzzano Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' References: <871txntb60.fsf@nbtrap.com> <87y2y7gogl.fsf@gnus.org> Date: Sun, 13 Oct 2019 05:16:03 +0200 In-Reply-To: <87y2y7gogl.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sun, 29 Sep 2019 16:35:22 +0200") Message-ID: <87tv8dcp3g.fsf@gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Lars Ingebrigtsen writes: >> "foobar" is printed in the minibuffer rather than "......", whereas, >> e.g., yanking from the kill ring print dots. > > The following patch fixes this, I think, by using post-command-hook > instea [...] Content analysis details: (-2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17127 Cc: 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Lars Ingebrigtsen writes: >> "foobar" is printed in the minibuffer rather than "......", whereas, >> e.g., yanking from the kill ring print dots. > > The following patch fixes this, I think, by using post-command-hook > instead of after-change-functions. > > It seems to work for me -- does anybody see a problem with doing it this > way? There were no comments in two weeks, so I've now applied the patch. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 12 23:16:17 2019 Received: (at control) by debbugs.gnu.org; 13 Oct 2019 03:16:17 +0000 Received: from localhost ([127.0.0.1]:34689 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJUMi-0005rv-UI for submit@debbugs.gnu.org; Sat, 12 Oct 2019 23:16:17 -0400 Received: from quimby.gnus.org ([80.91.231.51]:47692) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJUMg-0005p2-2D for control@debbugs.gnu.org; Sat, 12 Oct 2019 23:16:15 -0400 Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iJUMd-0003pD-Ci for control@debbugs.gnu.org; Sun, 13 Oct 2019 05:16:13 +0200 Date: Sun, 13 Oct 2019 05:16:11 +0200 Message-Id: <87sgnxcp38.fsf@gnus.org> To: control@debbugs.gnu.org From: Lars Ingebrigtsen Subject: control message for bug #17127 X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: tags 17127 fixed close 17127 27.1 quit Content analysis details: (-2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) tags 17127 fixed close 17127 27.1 quit From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 23 18:02:02 2019 Received: (at 17127) by debbugs.gnu.org; 23 Oct 2019 22:02:02 +0000 Received: from localhost ([127.0.0.1]:35113 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iNOhd-000888-TB for submit@debbugs.gnu.org; Wed, 23 Oct 2019 18:02:02 -0400 Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:63323) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iNOhc-00087l-Fe for 17127@debbugs.gnu.org; Wed, 23 Oct 2019 18:02:00 -0400 Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 44DB981155; Wed, 23 Oct 2019 18:01:54 -0400 (EDT) Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id B15BF8004C; Wed, 23 Oct 2019 18:01:52 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca; s=mail; t=1571868112; bh=VH6N/3SpfxH6rIbsSad2oISaeVrawx6JT0GSgdYv1mI=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=P6XwE6C9IDI5sRs9+WcOa2pGA8pFB4Ufig/DCyWZHmfGA6/n022Ju+xOumUD7oU2o 4HFFp9LyIuRSvsN5VQ9JOpjHwDBLvCjVV6zMrNGeiwGSsbN1oZbTOb16CcL7JQFT+k spPnBo7l0RH4p9h8eGMlCtGJ8bbfQ9rRZ4iGk6jUFRsm9IHE9/dKKxy3DGgdGFOCqY M8AenILmDcKOiRW4LqNDYz3U+jwlZF4DY38HMyjtqXEYiJxm+RsnRcftxdomld7WnE 28QG0aGFa1BnHDpBcLOv5ZbNi/ZecdeKcUg2sybAbTbdfrfQd0JSyE0ghPRvSvMddY n2TfR44lxU4xA== Received: from pastel (unknown [216.154.30.71]) by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 7B6901209CA; Wed, 23 Oct 2019 18:01:52 -0400 (EDT) From: Stefan Monnier To: Lars Ingebrigtsen Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Message-ID: References: <871txntb60.fsf@nbtrap.com> <87y2y7gogl.fsf@gnus.org> Date: Wed, 23 Oct 2019 18:01:45 -0400 In-Reply-To: <87y2y7gogl.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sun, 29 Sep 2019 16:35:22 +0200") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SPAM-INFO: Spam detection results: 0 ALL_TRUSTED -1 Passed through trusted hosts only via SMTP AWL -0.039 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain X-SPAM-LEVEL: X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 17127 Cc: Nathan Trapuzzano , 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) > The following patch fixes this, I think, by using post-command-hook > instead of after-change-functions. Actually, in theory after-change-functions should catch all cases whereas post-command-hook might miss some (i.e. chars inserted not while running a command, e.g. from a process filter). So while your new code probably works fine in practice (and is a good workaround for now) , I think the original code is "more correct" and we should try and figure out why it didn't work: how come after-change-functions is not run (or not correctly) by call-process? Stefan From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 24 07:49:27 2019 Received: (at 17127) by debbugs.gnu.org; 24 Oct 2019 11:49:27 +0000 Received: from localhost ([127.0.0.1]:35433 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iNbcN-0007C2-H3 for submit@debbugs.gnu.org; Thu, 24 Oct 2019 07:49:27 -0400 Received: from quimby.gnus.org ([80.91.231.51]:59960) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iNbcM-0007Bv-NV for 17127@debbugs.gnu.org; Thu, 24 Oct 2019 07:49:27 -0400 Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iNbcH-00040L-Pr; Thu, 24 Oct 2019 13:49:24 +0200 From: Lars Ingebrigtsen To: Stefan Monnier Subject: Re: bug#17127: `call-process' circumvents password concealment w/ `read-passwd' References: <871txntb60.fsf@nbtrap.com> <87y2y7gogl.fsf@gnus.org> Date: Thu, 24 Oct 2019 13:49:21 +0200 In-Reply-To: (Stefan Monnier's message of "Wed, 23 Oct 2019 18:01:45 -0400") Message-ID: <87ftjifjni.fsf@gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Stefan Monnier writes: >> The following patch fixes this, I think, by using post-command-hook >> instead of after-change-functions. > > Actually, in theory after-change-functions should catch all cases > whereas post-comman [...] Content analysis details: (-2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17127 Cc: Nathan Trapuzzano , 17127@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Stefan Monnier writes: >> The following patch fixes this, I think, by using post-command-hook >> instead of after-change-functions. > > Actually, in theory after-change-functions should catch all cases > whereas post-command-hook might miss some (i.e. chars inserted not > while running a command, e.g. from a process filter). > > So while your new code probably works fine in practice (and is a good > workaround for now) , I think the original code is "more correct" and we > should try and figure out why it didn't work: how come > after-change-functions is not run (or not correctly) by call-process? Yeah, that's a good point. Data inserted by call-process definitely changes the buffer, so after-change-functions should be run. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From unknown Mon Jun 23 13:13:17 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 21 Nov 2019 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator