GNU bug report logs -
#30190
27.0.50; term run in line mode shows user passwords
Previous Next
Reported by: Tino Calancha <tino.calancha <at> gmail.com>
Date: Sun, 21 Jan 2018 12:17:02 UTC
Severity: normal
Tags: confirmed, fixed, security
Found in versions 27.0.50, 24.3
Fixed in version 26.2
Done: Noam Postavsky <npostavs <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Thu, 21 Jun 2018, Stefan Monnier wrote:
> I'd prefer to re-use comint code rather than copy it. Copying might be
> tolerable for term-watch-for-password-prompt (it could conceivably
> require adjustments for the context of term-mode), but it's out of the
> question for term-password-prompt-regexp.
>
>> My patch just tried to mimic what is done in `comint.el' and reproduce
>> it in `term.el'. My hope was that the patch would be accepted frictionless:
>> if it's already done in `comint.el', why not doing the same in `term.el'?
>
> I'm not a great fan of the hooks in comint (tho I must say I haven't
> come up with anything really better either).
>
> And to the extent that you can set *-password-prompt-regexp
> buffer-locally in order to prevent *-watch-for-password-prompt from
> getting in the way, I don't see much benefit of going through a hook.
> [ The hook might be beneficial in itself, with a nil default value, but
> that's a different discussion. ]
Thank you for the feedback!
When my current mundane duties (cooking, studying, cleaning, grocery,
jogging, take care of my cat and cactus, etc) offer me a break,
I will prepare a new patch (not sure when I will find the time,
hopefully soon):
* It will recycle (require) `comint.el', i.e., it will use
`comint-password-prompt-regexp'.
* It will use the hook strategy until someone comes with something
smarter.
This bug report was last modified 6 years and 358 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.