GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords

Previous Next

Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #125 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
To: Tino Calancha <tino.calancha <at> gmail.com>
Cc: 30190 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>,
 Noam Postavsky <npostavs <at> gmail.com>
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Wed, 18 Jul 2018 11:54:46 -0400

>> More specifically, shouldn't `read-passwd` do that for us (hence if it
>> doesn't yet, then the right patch is to add this let-binding to
>> `read-passwd`)?
> I don't think so.  `read-passwd' uses ?. as default.  The docstring suggest
> us to let-bind `read-hide-char' in case we wish another char.

But why does term-mode want to use a different char?
What's so different about term-mode?

> Alternatively we could use ?. always as default, and change
> `term-send-invisble'.

I don't understand what change to term-send-invisble you're thinking of.

> Personaly, I prefer ?* because my vision is quite poor and ?. looks too
> small :-|

But your vision is not poor only in term-mode, right?
So, what you're really saying here is that you'd like to change
read-passwd to use ?* instead of ?., isn't it?  If so, I have nothing
against it, but it's a separate concern from that of bug#30190 and it
should apply to all uses of read-passwd.


        Stefan
This bug report was last modified 6 years and 357 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.