GNU bug report logs - #36154
read-passwd allows copying typed in password to kill-ring

Previous Next

Package: emacs;

Reported by: Ahmet BASTUG <bastugn <at> itu.edu.tr>

Date: Sun, 9 Jun 2019 20:56:01 UTC

Severity: minor

Tags: security, wontfix

Found in version 26.2

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #27 received at 36154 <at> debbugs.gnu.org (full text, mbox):

From: Phil Sainty <psainty <at> orcon.net.nz>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: Ahmet BASTUG <bastugn <at> itu.edu.tr>, 36154 <at> debbugs.gnu.org,
 Lars Ingebrigtsen <larsi <at> gnus.org>
Subject: Re: bug#36154: 26.2; read-passwd function creates a security issue
Date: Thu, 10 Oct 2019 16:01:47 +1300

On 2019-10-10 13:49, Noam Postavsky wrote:
> Phil Sainty <psainty <at> orcon.net.nz> writes:
>> A potential solution to this would to make the low-level kill 
>> functions
>> respect a new `inhibit-kill-ring' variable, such that nothing would be
>> added to the kill ring if that was non-nil.
> 
> IMO, it would be bettter to rebind the kill commands to corresponding
> delete commands in read-passwd-map.

My main argument against that (at least as a complete solution) is that
is necessitates *knowing* what all the kill commands are, and what their
corresponding delete commands would be.

This would also mean maintaining that moving forwards for standard
commands; but that still wouldn't account for arbitrary third-party and
custom commands which call `kill-new'.

I think such remapping of standard commands would be entirely reasonable
as an *additional* step (particularly if it was wrapped into a minor 
mode),
but personally I think there is a greater benefit (with wider 
application)
in the `inhibit-kill-ring' notion.


-Phil
This bug report was last modified 5 years and 227 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.