GNU bug report logs - #43302
password shows up in shell buffer (27.1)

Previous Next

Package: emacs;

Reported by: Nicholas Drozd <nicholasdrozd <at> gmail.com>

Date: Thu, 10 Sep 2020 00:41:01 UTC

Severity: normal

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Nicholas Drozd <nicholasdrozd <at> gmail.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 43302 <at> debbugs.gnu.org
Subject: bug#43302: password shows up in shell buffer (27.1)
Date: Fri, 12 Feb 2021 14:50:01 -0600

Your workaround works, but the fact remains that the behavior changed
between 26 and 27, and it changed in a way that I as a user found
disturbing. I switched to 27, and on my first session I ran a script
that queried for a password. Previously Emacs had hid the password as
I expected, but in 27 my password was unexpectedly exposed on the
screen. It's a bug, and it should be fixed. (I would try to fix it
myself, but I have no idea where to start. With a little guidance I
could take a crack at it.)

Alternatively, it could have been an intentional change in behavior.
In that case it should be noted in NEWS. Something like: "shell-mode:
Passwords are protected in fewer circumstances." But that sounds more
like antinews than news.

On Wed, Jan 27, 2021 at 12:20 AM Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
>
> Nicholas Drozd <nicholasdrozd <at> gmail.com> writes:
>
> > In 27, it looks like this:
> >
> > #+begin_src
> > $ bash password.sh
> > Password:
> > asdf
> > $
> > #+end_src
> >
> > The password (=asdf=) gets input directly into the shell buffer, unstarred.
>
> I'm able to reproduce the behaviour in Emacs 27 and 28.  However, if you
> say this:
>
> echo -n "Password:"
> read -sr password
>
> Then Emacs will *** the password in the minibuffer, so comint only
> triggers the password-reading behaviour if there's no newline there.
>
> Now, Emacs 26 did handle this...  somewhat:
>
>
> That is, it would include the newline in the prompt.
>
> So...  I think basically this works as intended currently: comint only
> triggers the password-reading behaviour if the prompt is on the current
> line (i.e., without a newline), so I'm closing this bug report.
>
> --
> (domestic pets only, the antidote for overdose, milk.)
>    bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 4 years and 94 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.