GNU bug report logs - #5664
view-lossage may show passwords and sensitive information

Previous Next

Package: emacs;

Reported by: Andreas Roehler <andreas.roehler <at> online.de>

Date: Mon, 1 Mar 2010 08:17:02 UTC

Severity: normal

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Andreas Roehler <andreas.roehler <at> online.de>
To: 5664 <at> debbugs.gnu.org
Subject: bug#5664: 23.1.92; view-lossage
Date: Mon, 01 Mar 2010 09:18:20 +0100

Hi,

may reproduce bug mentioned here:

http://lists.gnu.org/archive/html/help-gnu-emacs/2010-02/msg00602.html

With emacs-shell, emacs -q

1) when prompted for pw, it's shown afterwards at the screen
2) it's visible by view-lossage/recent-input

replaced it below for this report by MY-PASSWORD-DISPLAYED-HERE

In GNU Emacs 23.1.92.1 (i686-pc-linux-gnu, GTK+ Version 2.12.0)
 of 2010-02-19
Windowing system distributor `The X.Org Foundation', version 11.0.70200000
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: de_DE.UTF-8
  value of $XMODIFIERS: @im=local
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Shell

Minor modes in effect:
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
M-x s h e l l <return> / b n <backspace> <backspace>
b i n / s u <return> MY-PASSWORD-DISPLAYED-HERE <return> M-x r e
p o r t - e m a c - <backspace> s - b u g <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort mail-extr message sendmail regexp-opt ecomplete rfc822 mml
easymenu mml-sec password-cache mm-decode mm-bodies mm-encode mailcap
mail-parse rfc2231 rfc2047 rfc2045 qp ietf-drums mailabbrev nnheader
gnus-util netrc time-date mm-util mail-prsvr gmm-utils wid-edit
mailheader canlock sha1 hex-util hashcash mail-utils emacsbug ansi-color
shell comint ring tooltip ediff-hook vc-hooks lisp-float-type mwheel
x-win x-dnd font-setting tool-bar dnd fontset image fringe lisp-mode
register page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind
system-font-setting font-render-setting gtk x-toolkit x multi-tty emacs)
This bug report was last modified 11 years and 120 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.