GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords


Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.



Message #101 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Tino Calancha <tino.calancha <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 30190 <at> debbugs.gnu.org, Noam Postavsky <npostavs <at> gmail.com>,
 Stefan Monnier <monnier <at> iro.umontreal.ca>,
 Tino Calancha <tino.calancha <at> gmail.com>
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Thu, 21 Jun 2018 12:07:55 +0900 (JST)

On Thu, 21 Jun 2018, Eli Zaretskii wrote:

>> From: Noam Postavsky <npostavs <at> gmail.com>
>> Cc: 30190 <at> debbugs.gnu.org,  tino.calancha <at> gmail.com
>> Date: Wed, 20 Jun 2018 19:28:32 -0400
>>
>> Eli Zaretskii <eliz <at> gnu.org> writes:
>>
>>> I'm for fixing this in Emacs 26.2, but I still don't think I
>>> understand why the latest patch proposed in the discussion of this bug
>>> needs to "steal" so much from comint.el?
>>>
>>> Also, why does term-watch-for-password-prompt need to be invoked via a
>>> hook?
>>
>> I don't think these things are really required; as far as I understand, Tino
>> did it that way in order to be safer: the "stealing" is to avoid loading
>> comint.el, and using the hook is to keep the code closer to the already
>> working example it's being copied from.
>
> Why is it a problem to load comint?  Either in this case or even
> always?
I have the bias/personal-preference to avoid loading new things when I make a
change.  Let's call it: 'disturb the least' with my patches.

> As for the hook: it looks strange to me to use hooks for this purpose,
> since IMO we are supposed to refrain from doing that as much as
> possible.
I must admit it: my patch brings cargo-cult from `comint.el'; comint.el 
performs such hook calls.

My patch just tried to mimic what is done in `comint.el' and reproduce
it in `term.el'.  My hope was that the patch would be accepted
frictionlessly: if it's already done in `comint.el',
why not do the same in `term.el'?

The discussion turned out to be about the implementation that we
have in `comint.el', which is also a good and interesting topic.  A bit
out of scope of my initial intentions, but very welcome anyway.  Improving
code is always a good thing.

Stefan's opinion on these 2 general questions might be very valuable.




This bug report was last modified 6 years and 357 days ago.
