GNU bug report logs - #30190
27.0.50; term run in line mode shows user passwords

Previous Next

Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Sun, 21 Jan 2018 12:17:02 UTC

Severity: normal

Tags: confirmed, fixed, security

Found in versions 27.0.50, 24.3

Fixed in version 26.2

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #33 received at 30190 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> users.sourceforge.net>
To: Tino Calancha <tino.calancha <at> gmail.com>
Cc: 30190 <at> debbugs.gnu.org
Subject: Re: bug#30190: 27.0.50; term run in line mode shows user passwords
Date: Sat, 3 Feb 2018 21:29:32 -0500

On Sat, Feb 3, 2018 at 9:23 PM, Tino Calancha <tino.calancha <at> gmail.com> wrote:

>> Doesn't look like that much of a risk to me: the user immediately sees
>> the problem, so it's more of a minor nuisance.
>
> It depends of the situation.  Few years ago, my boss watched my password
> because this thing; if the password would be an offensive word
> against him (it wasn't, he was nice) I could be fired.  I remember he
> mnetioned very proudly that in vi editor the password is always hidden...
>
> This is also a risk while pair-programming; recently I am doing a lot with
> several buddies.  I suspect one of my passwords might be compromised.

But why wouldn't you just switch to char-mode before entering your
password? (which is kind of annoying to have to do, but still)
This bug report was last modified 6 years and 357 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.