GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords

Previous Next

Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Noam Postavsky <npostavs <at> gmail.com>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 30190 <at> debbugs.gnu.org, Tino Calancha <tino.calancha <at> gmail.com>
Subject: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Wed, 18 Jul 2018 07:56:44 -0400

[Message part 1 (text/plain, inline)]
Stefan Monnier <monnier <at> IRO.UMontreal.CA> writes:

> unconditionally call *-watch-for-password-prompt right at the place
> where you added the "run-hook" (actually, only one of the two places),

Here is a modified version of Tino's patch which uses comint.el and does
the above.  Another difference is that we call
term-watch-for-password-prompt on the decoded-substring (I believe
that's required to match localized non-ASCII prompts correctly).

I wasn't able to reproduce the problems described in #74 with any
version of the patch (maybe it's dependent on timing?), so I'm not sure
how much of a concern that is.


[v3-0001-Prevent-line-mode-term-from-showing-user-password.patch (text/plain, attachment)]
This bug report was last modified 6 years and 357 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.