GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords


Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.



Message #128 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Tino Calancha <tino.calancha <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 30190 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>,
 Noam Postavsky <npostavs <at> gmail.com>, Tino Calancha <tino.calancha <at> gmail.com>
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Thu, 19 Jul 2018 08:28:20 +0900 (JST)

On Wed, 18 Jul 2018, Stefan Monnier wrote:

>>> More specifically, shouldn't `read-passwd` do that for us (hence if it
>>> doesn't yet, then the right patch is to add this let-binding to
>>> `read-passwd`)?
>> I don't think so.  `read-passwd' uses ?. as default.  The docstring suggests
>> us to let-bind `read-hide-char' in case we wish another char.
>
> But why does term-mode want to use a different char?
> What's so different about term-mode?
Of course, nothing.  I imagine it's for historical reasons; probably
someone introduced ?* at some point in term.el and nobody cared about it.

>> Alternatively we could use ?. always as default, and change
>> `term-send-invisible'.
>
> I don't understand what change to term-send-invisible you're thinking of.
I mean not passing a non-nil 2nd argument here:
  (when (not (stringp str))
    (setq str (term-read-noecho "Non-echoed text: " t)))

;; Above code is from `term-send-invisible'.


>> Personally, I prefer ?* because my vision is quite poor and ?. looks too
>> small :-|
>
> But your vision is not poor only in term-mode, right?
> So, what you're really saying here is that you'd like to change
> read-passwd to use ?* instead of ?., isn't it?  If so, I have nothing
> against it, but it's a separate concern from that of bug#30190 and it
> should apply to all uses of read-passwd.
Let's be realistic, these kinds of changes usually are not welcome.  Not a
problem though.  It's a very minor issue and many people would love ?.

Since you look interested, I'll tell a bit more; while I am introducing a
hidden text (usually a password), I count the number
of ?. to see if it matches the length of the password.  This is a fast mental
check, I don't bother to select the minibuffer contents and check its size.

I find it easier to count ?* than ?.
But more than this personal issue from a handicapped person (visually), I
care more about the lack of consistency, as you do: yeah, we should
present uniformly the same char for any command hiding its input.
How to achieve that?  I am sure Eli will find the proper way.




This bug report was last modified 6 years and 357 days ago.
