GNU bug report logs - #5664
view-lossage may show passwords and sensitive information

Previous Next

Package: emacs;

Reported by: Andreas Roehler <andreas.roehler <at> online.de>

Date: Mon, 1 Mar 2010 08:17:02 UTC

Severity: normal

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.

Full log

Message #51 received at 5664-done <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: Andreas Roehler <andreas.roehler <at> online.de>, 5664-done <at> debbugs.gnu.org
Subject: Re: bug#5664: 23.1.92; view-lossage
Date: Sun, 19 Jan 2014 14:31:08 +0100

Chong Yidong <cyd <at> stupidchicken.com> writes:

> Andreas Roehler <andreas.roehler <at> online.de> writes:
>
>> emacs -q
>> M-x shell
>> /bin/su at shell prompt
>>
>> prompt for PW arrives, when PW putted in, its visible at the screen
>>
>> root-shell (bash) arrives
>>
>> M-x report-emacs-bug
>>
>> View lossage displays root-password, replaced for this report by
>> MY-PW-SHOWN-HERE
>
> I'm afraid I can't reproduce this.  One possibility is that you are
> using a locale where the password prompt is given in a language that
> comint-watch-for-password-prompt does not recognize.  This is a known
> issue; customize comint-password-prompt-regexp to add the
> locale-dependent password prompt(s) to the list of recognized prompts.

Due to bug#13124, Emacs knows now the password keyword for many
languages. There is a new variable `password-word-equivalents'.

In order to fix *this* bug, that variable is used in
`eshell-password-prompt-regexp'.

Closing the bug, but I'd appreciate if somebody with a localized
password prompt checks it.

Best regards, Michael.
This bug report was last modified 11 years and 181 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.