GNU bug report logs - #5664
view-lossage may show passwords and sensitive information

Previous Next

Package: emacs;

Reported by: Andreas Roehler <andreas.roehler <at> online.de>

Date: Mon, 1 Mar 2010 08:17:02 UTC

Severity: normal

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#5664: closed (view-lossage may show passwords and sensitive
 information)
Date: Sun, 19 Jan 2014 13:32:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sun, 19 Jan 2014 14:31:08 +0100
with message-id <87ha9085er.fsf <at> gmx.de>
and subject line Re: bug#5664: 23.1.92; view-lossage
has caused the debbugs.gnu.org bug report #5664,
regarding view-lossage may show passwords and sensitive information
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
5664: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=5664
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Andreas Roehler <andreas.roehler <at> online.de>
To: bug-gnu-emacs <at> gnu.org
Subject: 23.1.92; view-lossage
Date: Mon, 01 Mar 2010 09:18:20 +0100

Hi,

may reproduce bug mentioned here:

http://lists.gnu.org/archive/html/help-gnu-emacs/2010-02/msg00602.html

With emacs-shell, emacs -q

1) when prompted for pw, it's shown afterwards at the screen
2) it's visible by view-lossage/recent-input

replaced it below for this report by MY-PASSWORD-DISPLAYED-HERE

In GNU Emacs 23.1.92.1 (i686-pc-linux-gnu, GTK+ Version 2.12.0)
 of 2010-02-19
Windowing system distributor `The X.Org Foundation', version 11.0.70200000
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: de_DE.UTF-8
  value of $XMODIFIERS: @im=local
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Shell

Minor modes in effect:
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
M-x s h e l l <return> / b n <backspace> <backspace>
b i n / s u <return> MY-PASSWORD-DISPLAYED-HERE <return> M-x r e
p o r t - e m a c - <backspace> s - b u g <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort mail-extr message sendmail regexp-opt ecomplete rfc822 mml
easymenu mml-sec password-cache mm-decode mm-bodies mm-encode mailcap
mail-parse rfc2231 rfc2047 rfc2045 qp ietf-drums mailabbrev nnheader
gnus-util netrc time-date mm-util mail-prsvr gmm-utils wid-edit
mailheader canlock sha1 hex-util hashcash mail-utils emacsbug ansi-color
shell comint ring tooltip ediff-hook vc-hooks lisp-float-type mwheel
x-win x-dnd font-setting tool-bar dnd fontset image fringe lisp-mode
register page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind
system-font-setting font-render-setting gtk x-toolkit x multi-tty emacs)




[Message part 3 (message/rfc822, inline)]
From: Michael Albinus <michael.albinus <at> gmx.de>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: Andreas Roehler <andreas.roehler <at> online.de>, 5664-done <at> debbugs.gnu.org
Subject: Re: bug#5664: 23.1.92; view-lossage
Date: Sun, 19 Jan 2014 14:31:08 +0100

Chong Yidong <cyd <at> stupidchicken.com> writes:

> Andreas Roehler <andreas.roehler <at> online.de> writes:
>
>> emacs -q
>> M-x shell
>> /bin/su at shell prompt
>>
>> prompt for PW arrives, when PW putted in, its visible at the screen
>>
>> root-shell (bash) arrives
>>
>> M-x report-emacs-bug
>>
>> View lossage displays root-password, replaced for this report by
>> MY-PW-SHOWN-HERE
>
> I'm afraid I can't reproduce this.  One possibility is that you are
> using a locale where the password prompt is given in a language that
> comint-watch-for-password-prompt does not recognize.  This is a known
> issue; customize comint-password-prompt-regexp to add the
> locale-dependent password prompt(s) to the list of recognized prompts.

Due to bug#13124, Emacs knows now the password keyword for many
languages. There is a new variable `password-word-equivalents'.

In order to fix *this* bug, that variable is used in
`eshell-password-prompt-regexp'.

Closing the bug, but I'd appreciate if somebody with a localized
password prompt checks it.

Best regards, Michael.
This bug report was last modified 11 years and 119 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.