GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords

Previous Next

Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #21 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> users.sourceforge.net>
To: Tino Calancha <tino.calancha <at> gmail.com>
Cc: 30190 <at> debbugs.gnu.org
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Sat, 03 Feb 2018 11:44:15 -0500

Tino Calancha <tino.calancha <at> gmail.com> writes:

> Noam Postavsky <npostavs <at> users.sourceforge.net> writes:
>
>> Yes, seems to have been the case for a long time, I can reproduce back
>> to 24.3 (oldest Emacs version I have running).
> This is a security risk.  I would like to have it fixed ASAP.
> Below patch seems to work.  Any feedback would be appreciated.

Doesn't look like that much of a risk to me: the user immediately sees
the problem, so it's more of a minor nuisance.

> -(defcustom comint-password-prompt-regexp

I don't see an alias for this one.  Otherwise I think it's okay.
This bug report was last modified 6 years and 350 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.