GNU bug report logs - #5664
view-lossage may show passwords and sensitive information

Previous Next

Package: emacs;

Reported by: Andreas Roehler <andreas.roehler <at> online.de>

Date: Mon, 1 Mar 2010 08:17:02 UTC

Severity: normal

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Andreas Roehler <andreas.roehler <at> online.de>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: 5664 <at> debbugs.gnu.org
Subject: bug#5664: 23.1.92; view-lossage
Date: Sat, 06 Mar 2010 21:04:18 +0100

Chong Yidong wrote:
>> may reproduce bug mentioned here:
>>
>> http://lists.gnu.org/archive/html/help-gnu-emacs/2010-02/msg00602.html
>>
>> With emacs-shell, emacs -q
>>
>> 1) when prompted for pw, it's shown afterwards at the screen
>> 2) it's visible by view-lossage/recent-input
> 
> I can't reproduce this.  Please provide an exact recipe; the one you
> gave was far too imprecise.
> 


Commands have been:

emacs -q
M-x shell
/bin/su at shell prompt

prompt for PW arrives, when PW putted in, its visible at the screen

root-shell (bash) arrives

M-x report-emacs-bug

View lossage displays root-password, replaced for this report by
MY-PW-SHOWN-HERE

Thanks caring for the matter,

Andreas
;;;;;;;;;;

In GNU Emacs 23.1.92.1 (i686-pc-linux-gnu, GTK+ Version 2.12.0)
 of 2010-02-19

Windowing system distributor `The X.Org Foundation', version 11.0.70200000
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: de_DE.UTF-8
  value of $XMODIFIERS: @im=local
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Shell

Minor modes in effect:
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
M-x s h e l l <return> / b i n / s u <return> MY-PW-SHOWN-HERE <return> M-x r e p o r t - e m a c s - b u
g <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort mail-extr message sendmail regexp-opt ecomplete rfc822 mml
easymenu mml-sec password-cache mm-decode mm-bodies mm-encode mailcap
mail-parse rfc2231 rfc2047 rfc2045 qp ietf-drums mailabbrev nnheader
gnus-util netrc time-date mm-util mail-prsvr gmm-utils wid-edit
mailheader canlock sha1 hex-util hashcash mail-utils emacsbug ansi-color
shell comint ring tooltip ediff-hook vc-hooks lisp-float-type mwheel
x-win x-dnd font-setting tool-bar dnd fontset image fringe lisp-mode
register page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind
system-font-setting font-render-setting gtk x-toolkit x multi-tty emacs)
This bug report was last modified 11 years and 120 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.