GNU bug report logs - #30186
27.0.50; Password is not hidden in read-passwd

Previous Next

Package: emacs;

Reported by: Juri Linkov <juri <at> linkov.net>

Date: Sat, 20 Jan 2018 21:40:02 UTC

Severity: normal

Found in version 27.0.50

Done: Alan Mackenzie <acm <at> muc.de>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Juri Linkov <juri <at> linkov.net>
To: 30186 <at> debbugs.gnu.org
Subject: bug#30186: 27.0.50; Password is not hidden in read-passwd
Date: Sat, 20 Jan 2018 23:29:35 +0200

This is a regression and a security flaw.

Reading a password with ‘read-passwd’ doesn't hide inserted characters
anymore as it used to do in older versions.

When the user has such customization:

  (custom-set-variables
   '(yank-excluded-properties t))

evaluating

  (read-passwd "Prompt: ")

and yanking a password to the minibuffer with 'C-y' doesn't hide it
as it did in Emacs 25.

This can be traced down to ‘remove-yank-excluded-properties’
where ‘set-text-properties’ used to leave ‘display’ properties
(with ‘.’ over inserted characters) in the minibuffer.
This bug report was last modified 7 years and 173 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.