GNU bug report logs -
#30190
27.0.50; term run in line mode shows user passwords
Previous Next
Reported by: Tino Calancha <tino.calancha <at> gmail.com>
Date: Sun, 21 Jan 2018 12:17:02 UTC
Severity: normal
Tags: confirmed, fixed, security
Found in versions 27.0.50, 24.3
Fixed in version 26.2
Done: Noam Postavsky <npostavs <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #77 received at 30190 <at> debbugs.gnu.org (full text, mbox):
> From: Tino Calancha <tino.calancha <at> gmail.com>
> Cc: 30190 <at> debbugs.gnu.org, rms <at> gnu.org, npostavs <at> users.sourceforge.net
> Date: Sat, 10 Mar 2018 22:17:13 +0900
>
> Bad behaviour:
> [sudo] password for foo:
> # This throws 'command not found' BUT _sometimes_ you are prompted for
> # your password in the minibuffer.
> # Note: This happens in a dumb shell buffer as well.
What happens if you have a command (say, a shell script) that prompts
for something that is not a password with a prompt that starts with
text that matches the regexp -- what is the behavior then, after your
changes? What I see here is that the filter redirects that to the
minibuffer, and doesn't show the text I type, unlike what happened
before your changes. Wouldn't that look like a bug and cause bug
reports?
I'm also worried by the "_sometimes_" part: does it mean the behavior
is not deterministic? Why?
> Whatever misfunction of my patch should happen in a dumb shell buffer
> started with:
> M-x shell
Yes, but two wrongs don't make a right...
This bug report was last modified 6 years and 357 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.