GNU bug report logs - #36154
read-passwd allows copying typed in password to kill-ring

Previous Next

Package: emacs;

Reported by: Ahmet BASTUG <bastugn <at> itu.edu.tr>

Date: Sun, 9 Jun 2019 20:56:01 UTC

Severity: minor

Tags: security, wontfix

Found in version 26.2

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 36154 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> gmail.com>
To: Phil Sainty <psainty <at> orcon.net.nz>
Cc: Ahmet BASTUG <bastugn <at> itu.edu.tr>, 36154 <at> debbugs.gnu.org,
 Lars Ingebrigtsen <larsi <at> gnus.org>
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Wed, 09 Oct 2019 20:49:56 -0400

Phil Sainty <psainty <at> orcon.net.nz> writes:

> On 2019-10-10 12:25, Lars Ingebrigtsen wrote:
>> I think it makes sense to allow users to do this -- this is something
>> that should be up to them whether to do or not.  So I'm closing this
>> bug
>> report.  If anybody disagrees with this, please feel free to reopen.
>
> A potential solution to this would to make the low-level kill functions
> respect a new `inhibit-kill-ring' variable, such that nothing would be
> added to the kill ring if that was non-nil.

IMO, it would be bettter to rebind the kill commands to corresponding
delete commands in read-passwd-map.

This bug report was last modified 5 years and 227 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #36154 read-passwd allows copying typed in password to kill-ring

GNU bug report logs - #36154
read-passwd allows copying typed in password to kill-ring