GNU bug report logs - #79424
30.2; shell-mode doesn't hide password

Previous Next

Package: emacs;

Reported by: André A. Gomes <andremegafone <at> gmail.com>

Date: Wed, 10 Sep 2025 15:10:02 UTC

Severity: normal

Found in version 30.2

Fixed in version 31.1

Done: Michael Albinus <michael.albinus <at> gmx.de>

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: André A. Gomes <andremegafone <at> gmail.com>
Subject: bug#79424: closed (Re: bug#79424: 30.2; shell-mode doesn't hide
 password)
Date: Sat, 13 Sep 2025 07:26:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#79424: 30.2; shell-mode doesn't hide password

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 79424 <at> debbugs.gnu.org.

-- 
79424: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=79424
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Michael Albinus <michael.albinus <at> gmx.de>
To: André A. Gomes <andremegafone <at> gmail.com>
Cc: 79424-done <at> debbugs.gnu.org
Subject: Re: bug#79424: 30.2; shell-mode doesn't hide password
Date: Sat, 13 Sep 2025 09:25:27 +0200

Version: 31.1

André A. Gomes <andremegafone <at> gmail.com> writes:

Hi André,

>>> I remind you that I am running a VM with qemu where I'm passing "-net
>>> user,hostfwd=tcp::2222-:22".  This maps the localhost port 2222 to port
>>> 22 on the VM, so that I can connect to the VM via "ssh user <at> host -p
>>> 2222".  Let me know if you understood the setup.
>>
>> I understand, but I cannot set it up locally w/o too much effort. And
>> I'd like to know whether the changed password prompt comes from this
>> port forwarding, or from something else you have configured in ssh.
>
> I haven't configured ssh in any particular way, so it comes from the
> port forwarding.  Note that, earlier in this thread, a user confirmed my
> bug report.  In short, the patch enriches comint-password-prompt-regexp
> to take this password prompt into account.  Maybe there is a simpler way
> to reproduce it, but I am unaware of it.
>
> Does that make sense?

Yep. I've pushed your patch to the master branch, closing the bug.

Best regards, Michael.


[Message part 3 (message/rfc822, inline)]
From: André A. Gomes <andremegafone <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.2; shell-mode doesn't hide password
Date: Wed, 10 Sep 2025 16:08:47 +0100

Hello,

I'm using shell-mode to copy a file to a remote machine:

--8<---------------cut here---------------start------------->8---
scp /file/path host-name:/file/path
--8<---------------cut here---------------end--------------->8---

The ssh connection requires inserting the password and I'd expect that
shell-mode would replace each of the characters with a placeholder (like
asterisks).  However, it exposes the password on the screen.

In case it matters, the remote machine is a FreeBSD machine running
locally on QEMU, where I am passing the flag "-net
user,hostfwd=tcp::2222-:22".

Thanks.


-- 
André A. Gomes
"You cannot even find the ruins..."
This bug report was last modified today.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.