GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords


Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.



Message #122 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Tino Calancha <tino.calancha <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 30190 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>,
 Noam Postavsky <npostavs <at> gmail.com>, Tino Calancha <tino.calancha <at> gmail.com>
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Wed, 18 Jul 2018 23:56:34 +0900 (JST)
>> @@ -2288,7 +2289,8 @@ term-send-invisible
>>  \\[view-lossage]."
>>    (interactive "P") ; Defeat snooping via C-x esc
>>    (when (not (stringp str))
>> -    (setq str (term-read-noecho "Non-echoed text: " t)))
>> +    (let ((read-hide-char ?*))
>> +      (setq str (read-passwd "Non-echoed text: "))))
>>    (when (not proc)
>>      (setq proc (get-buffer-process (current-buffer))))
>>    (if (not proc) (error "Current buffer has no process")
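Review bot: the new `let` binding of `read-hide-char` to `?*` around `read-passwd` has no comment saying why the function overrides `read-passwd`'s own masking character; add one line there, e.g. `;; Mask with ?* so the prompt looks as it did before this change`, so the intent is clear without reading this thread. Also check whether `term-read-noecho` still has any callers once this call site is gone; if not, it should be declared obsolete rather than left unused.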
>
> Why do we need to bind `read-hide-char` here?
I made this binding so that the user observes the same characters (?*)
hiding the input as with the command:
M-x term-send-invisible RET

> More specifically, shouldn't `read-passwd` do that for us (hence if it
> doesn't yet, then the right patch is to add this let-binding to
> `read-passwd`)?
I don't think so.  `read-passwd' uses ?. as default.  The docstring
suggests we let-bind `read-hide-char' in case we wish another char.
Alternatively we could use ?. always as default, and change
`term-send-invisible'.
Personally, I prefer ?* because my vision is quite poor and ?. looks too
small :-|


>> @@ -2297,6 +2299,17 @@ term-send-invisible
>>      (term-send-string proc str)
>>      (term-send-string proc "\n")))
>>
>> +;; TODO: Maybe combine this with `comint-watch-for-password-prompt'.
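Review bot: the `;; TODO` about merging with `comint-watch-for-password-prompt` should state what currently prevents reusing the comint function directly and cite this bug number, otherwise a later reader cannot tell whether the follow-up is a small refactor or a design change in how term delivers output.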
>
> Would be nice, yes.
Indeed, one of my favourite Beach Boys songs.

>> @@ -3152,6 +3165,9 @@ term-emulate-terminal
>>  	  (term-handle-deferred-scroll))
>>
>>  	(set-marker (process-mark proc) (point))
>> +        (when (stringp decoded-substring)
>> +          (term-watch-for-password-prompt (prog1 decoded-substring
>> +                                            (setq decoded-substring nil))))
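Review bot: `term-watch-for-password-prompt` is handed only the chunk that was just decoded, so a prompt that arrives split across two process-output chunks (the text `Passw` in one call and `ord:` in the next) is seen by neither call and the input is echoed; either match against the buffer text from the start of the current line rather than the bare chunk, or document the limitation next to the call. Style: the three added lines are indented with spaces while the surrounding context lines use tabs, so they should follow the file's existing indentation.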
>
> I suggest you add a comment explaining why we set decoded-substring to nil.
Agreed.  It's not obvious at first glance.




GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.