bug#36154: read-passwd allows copying typed in password to kill-ring
Package: emacs
Submitter: Ahmet BASTUG
Severity: minor
Tags: security wontfix

From: Ahmet BASTUG
To: bug-gnu-emacs@gnu.org
Subject: 26.2; read-passwd function creates a security issue
Date: Sun, 9 Jun 2019 23:01:52 +0300

The read-passwd function, which is located in "subr.el", causes a kind of
security issue. When the function is used, the user is prompted with a
prompt and everything the user types is displayed as '.' characters.
If any kind of kill operation is performed on the prompt minibuffer, the
real value is saved into the kill-ring. Then you can yank it anywhere you
want. I'm not sure this is meant this way, but I think not.

In GNU Emacs 26.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.8)
 of 2019-04-12 built on juergen
Windowing system distributor 'The X.Org Foundation', version 11.0.12004000
System Description: Manjaro Linux
From: npostavs@gmail.com
To: control@debbugs.gnu.org
Subject: control message for bug #36154
Date: Mon, 10 Jun 2019 09:08:21 -0400

tags 36154 + security
severity 36154 minor
retitle 36154 read-passwd allows copying typed in password to kill-ring
quit

From: Lars Ingebrigtsen
To: Ahmet BASTUG
Cc: 36154@debbugs.gnu.org
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Thu, 10 Oct 2019 01:25:59 +0200

Ahmet BASTUG writes:

> read-passwd function which is located in "subr.el" causes kind of a
> security issue. When function is used, user is prompted with a prompt
> and everything user typed is displayed as '.' characters. If any kind
> of kill operation is performed on the prompt minibuffer, real value is
> saved into kill-ring. Then you can yank it anywhere you want. I'm not
> sure this is meant this way but I think not.

I think it makes sense to allow users to do this -- this is something
that should be up to them whether to do or not. So I'm closing this bug
report. If anybody disagrees with this, please feel free to reopen.

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no

From: Lars Ingebrigtsen
To: control@debbugs.gnu.org
Subject: control message for bug #36154
Date: Thu, 10 Oct 2019 01:26:05 +0200

tags 36154 wontfix
close 36154
quit

From: Phil Sainty
To: Lars Ingebrigtsen
Cc: Ahmet BASTUG, 36154@debbugs.gnu.org
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Thu, 10 Oct 2019 13:30:24 +1300
On 2019-10-10 12:25, Lars Ingebrigtsen wrote:
> I think it makes sense to allow users to do this -- this is something
> that should be up to them whether to do or not. So I'm closing this
> bug report. If anybody disagrees with this, please feel free to reopen.

A potential solution to this would be to make the low-level kill
functions respect a new `inhibit-kill-ring' variable, such that nothing
would be added to the kill ring if that was non-nil.

A user option for the password entry routine could then be added to
control whether or not the variable was set by `read-passwd' when setting
up the minibuffer.

This facility might also have more general applicability, and perhaps
even warrant a minor mode. I can certainly envisage `inhibit-kill-ring'
being let-bound by users for specific cases, if they consider that
unwanted kill ring pollution was occurring.

-Phil

From: Noam Postavsky
To: Phil Sainty
Cc: Ahmet BASTUG, 36154@debbugs.gnu.org, Lars Ingebrigtsen
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Wed, 09 Oct 2019 20:49:56 -0400
Phil Sainty writes:

> On 2019-10-10 12:25, Lars Ingebrigtsen wrote:
>> I think it makes sense to allow users to do this -- this is something
>> that should be up to them whether to do or not. So I'm closing this
>> bug report. If anybody disagrees with this, please feel free to reopen.
>
> A potential solution to this would be to make the low-level kill
> functions respect a new `inhibit-kill-ring' variable, such that nothing
> would be added to the kill ring if that was non-nil.

IMO, it would be better to rebind the kill commands to corresponding
delete commands in read-passwd-map.
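The two proposals in the thread, Phil's `inhibit-kill-ring' variable that the low-level kill machinery respects and Noam's rebinding of kill commands to delete commands in `read-passwd-map', sketched together as one added Emacs Lisp example; this is not code from the bug thread or from Emacs itself. It assumes an Emacs with `advice-add' (24.4 or later) and the `read-passwd-map' keymap from subr.el; every `my-' prefixed name is hypothetical and chosen for this example.

```elisp
;;; Added example, not from bug#36154 or from Emacs: keep a password typed
;;; into `read-passwd' out of the kill ring.
;;;
;;; 1. Phil's idea: a variable checked by the low-level kill machinery.
;;;    Emacs has no built-in `inhibit-kill-ring', so it is emulated here with
;;;    around-advice on `kill-new', which every kill command ends up calling.
;;;    Because `kill-new' also drives `interprogram-cut-function', the text
;;;    is kept off the system clipboard as well.
;;; 2. Noam's idea: remap the standard kill commands to delete-only commands
;;;    inside `read-passwd-map', so those keys never reach `kill-new'.
;;; All `my-' names are hypothetical.

(defvar my-inhibit-kill-ring nil
  "When non-nil, `kill-new' discards the text instead of saving it.")

(defun my-kill-new-guard (orig-fun string &optional replace)
  "Around advice for `kill-new': drop STRING while `my-inhibit-kill-ring' is set.
ORIG-FUN is the original `kill-new'; REPLACE is passed through unchanged."
  (if my-inhibit-kill-ring
      nil                                  ; nothing reaches `kill-ring'
    (funcall orig-fun string replace)))

(advice-add 'kill-new :around #'my-kill-new-guard)

;; Delete-only counterparts for the most common kill commands.  They remove
;; text with `delete-region', which never touches `kill-ring'.
(defun my-delete-line ()
  "Delete from point to end of line without saving to the kill ring."
  (interactive)
  (delete-region (point) (line-end-position)))

(defun my-delete-word (arg)
  "Delete ARG words forward without saving to the kill ring."
  (interactive "p")
  (delete-region (point) (progn (forward-word arg) (point))))

(defun my-backward-delete-word (arg)
  "Delete ARG words backward without saving to the kill ring."
  (interactive "p")
  (my-delete-word (- arg)))

(defun my-delete-active-region ()
  "Delete the active region without saving it to the kill ring."
  (interactive)
  (when (use-region-p)
    (delete-region (region-beginning) (region-end))))

;; Remap inside the password prompt only.  `remap' bindings follow the
;; command, so every key bound to `kill-line' etc. is covered; third-party
;; commands that call `kill-new' directly are not, which is Phil's point.
(define-key read-passwd-map [remap kill-line] #'my-delete-line)
(define-key read-passwd-map [remap kill-word] #'my-delete-word)
(define-key read-passwd-map [remap backward-kill-word] #'my-backward-delete-word)
(define-key read-passwd-map [remap kill-region] #'my-delete-active-region)
(define-key read-passwd-map [remap kill-ring-save] #'ignore)

(defun my-read-passwd-safely (prompt &optional confirm default)
  "Like `read-passwd', but with `my-inhibit-kill-ring' bound during entry.
This catches kill commands the remapping above does not know about."
  (let ((my-inhibit-kill-ring t))
    (read-passwd prompt confirm default)))

(defun my-kill-ring-untouched-p ()
  "Return non-nil if a kill performed while inhibited leaves `kill-ring' unchanged.
Uses a constructed sample string in a temporary buffer; evaluate with M-:."
  (let ((before (copy-sequence kill-ring)))
    (with-temp-buffer
      (insert "sample-secret")          ; constructed test input
      (let ((my-inhibit-kill-ring t))
        (kill-region (point-min) (point-max))))
    (equal before kill-ring)))
```

`(my-kill-ring-untouched-p)` should return `t` once the advice is installed; remove it with `(advice-remove 'kill-new #'my-kill-new-guard)`.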
From: Phil Sainty
To: Noam Postavsky
Cc: Ahmet BASTUG, 36154@debbugs.gnu.org, Lars Ingebrigtsen
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Thu, 10 Oct 2019 16:01:47 +1300

On 2019-10-10 13:49, Noam Postavsky wrote:
> Phil Sainty writes:
>> A potential solution to this would be to make the low-level kill
>> functions respect a new `inhibit-kill-ring' variable, such that
>> nothing would be added to the kill ring if that was non-nil.
>
> IMO, it would be better to rebind the kill commands to corresponding
> delete commands in read-passwd-map.

My main argument against that (at least as a complete solution) is that
it necessitates *knowing* what all the kill commands are, and what their
corresponding delete commands would be. This would also mean maintaining
that moving forwards for standard commands; but that still wouldn't
account for arbitrary third-party and custom commands which call
`kill-new'.

I think such remapping of standard commands would be entirely reasonable
as an *additional* step (particularly if it was wrapped into a minor
mode), but personally I think there is a greater benefit (with wider
application) in the `inhibit-kill-ring' notion.

-Phil

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Thu, 07 Nov 2019 12:24:07 +0000

bug archived.