* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
@ 2014-03-28 0:32 Nathan Trapuzzano
2014-03-28 2:04 ` Stefan Monnier
2019-09-29 14:35 ` Lars Ingebrigtsen
0 siblings, 2 replies; 7+ messages in thread
From: Nathan Trapuzzano @ 2014-03-28 0:32 UTC (permalink / raw)
To: 17127
To reproduce with emacs -nw -q on 24.3 and trunk:
M-: (global-set-key
(kbd "C-c C-c")
(lambda ()
(interactive)
(call-process "echo" nil t nil "-n" "foobar")))
M-: (read-passwd "Password: ")
C-c C-c
"foobar" is printed in the minibuffer rather than "......", whereas,
e.g., yanking from the kill ring print dots.
^ permalink raw reply [flat|nested] 7+ messages in thread* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2014-03-28 0:32 bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Nathan Trapuzzano @ 2014-03-28 2:04 ` Stefan Monnier 2014-03-28 2:39 ` Nathan Trapuzzano 2019-09-29 14:35 ` Lars Ingebrigtsen 1 sibling, 1 reply; 7+ messages in thread From: Stefan Monnier @ 2014-03-28 2:04 UTC (permalink / raw) To: Nathan Trapuzzano; +Cc: 17127 > To reproduce with emacs -nw -q on 24.3 and trunk: > M-: (global-set-key > (kbd "C-c C-c") > (lambda () > (interactive) > (call-process "echo" nil t nil "-n" "foobar"))) > M-: (read-passwd "Password: ") > C-c C-c This looks fairly contrived. How did you stumble upon this problem? Stefan ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2014-03-28 2:04 ` Stefan Monnier @ 2014-03-28 2:39 ` Nathan Trapuzzano 0 siblings, 0 replies; 7+ messages in thread From: Nathan Trapuzzano @ 2014-03-28 2:39 UTC (permalink / raw) To: Stefan Monnier; +Cc: 17127 Stefan Monnier <monnier@IRO.UMontreal.CA> writes: > This looks fairly contrived. How did you stumble upon this problem? Copy/pasting passwords from console password manager to emacs running on terminal emulator in X. The built-in copy/paste functionaly for the X clipboard only works (AFAIK) with graphical emacs, so I use my own commands to make it work on a terminal. Here's the one that made me catch it: (defun paste-from-X-clipboard () "Insert the X clipboard contents at point." (interactive) (call-process "xclip" nil t nil "-selection" "clipboard" "-o")) I use that to paste passwords when, e.g., finding remote files via ssh/TRAMP. ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2014-03-28 0:32 bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Nathan Trapuzzano 2014-03-28 2:04 ` Stefan Monnier @ 2019-09-29 14:35 ` Lars Ingebrigtsen 2019-10-13 3:16 ` Lars Ingebrigtsen 2019-10-23 22:01 ` Stefan Monnier 1 sibling, 2 replies; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-09-29 14:35 UTC (permalink / raw) To: Nathan Trapuzzano; +Cc: 17127 Nathan Trapuzzano <nbtrap@nbtrap.com> writes: > To reproduce with emacs -nw -q on 24.3 and trunk: > > M-: (global-set-key > (kbd "C-c C-c") > (lambda () > (interactive) > (call-process "echo" nil t nil "-n" "foobar"))) > > M-: (read-passwd "Password: ") > > C-c C-c > > "foobar" is printed in the minibuffer rather than "......", whereas, > e.g., yanking from the kill ring print dots. The following patch fixes this, I think, by using post-command-hook instead of after-change-functions. It seems to work for me -- does anybody see a problem with doing it this way? diff --git a/lisp/subr.el b/lisp/subr.el index 45b99a82d2..9e4553dcbb 100644 --- a/lisp/subr.el +++ b/lisp/subr.el @@ -2426,6 +2426,12 @@ read-passwd-map map) "Keymap used while reading passwords.") +(defun read-password--hide-password () + (let ((beg (minibuffer-prompt-end))) + (dotimes (i (1+ (- (buffer-size) beg))) + (put-text-property (+ i beg) (+ 1 i beg) + 'display (string (or read-hide-char ?*)))))) + (defun read-passwd (prompt &optional confirm default) "Read a password, prompting with PROMPT, and return it. If optional CONFIRM is non-nil, read the password twice to make sure. @@ -2450,15 +2456,7 @@ read-passwd (message "Password not repeated accurately; please start over") (sit-for 1)))) success) - (let ((hide-chars-fun - (lambda (beg end _len) - (clear-this-command-keys) - (setq beg (min end (max (minibuffer-prompt-end) - beg))) - (dotimes (i (- end beg)) - (put-text-property (+ i beg) (+ 1 i beg) - 'display (string (or read-hide-char ?*)))))) - minibuf) + (let (minibuf) (minibuffer-with-setup-hook (lambda () (setq minibuf (current-buffer)) @@ -2469,7 +2467,7 @@ read-passwd (use-local-map read-passwd-map) (setq-local inhibit-modification-hooks nil) ;bug#15501. (setq-local show-paren-mode nil) ;bug#16091. - (add-hook 'after-change-functions hide-chars-fun nil 'local)) + (add-hook 'post-command-hook 'read-password--hide-password nil t)) (unwind-protect (let ((enable-recursive-minibuffers t) (read-hide-char (or read-hide-char ?*))) @@ -2479,7 +2477,8 @@ read-passwd ;; Not sure why but it seems that there might be cases where the ;; minibuffer is not always properly reset later on, so undo ;; whatever we've done here (bug#11392). - (remove-hook 'after-change-functions hide-chars-fun 'local) + (remove-hook 'after-change-functions 'read-password--hide-password + 'local) (kill-local-variable 'post-self-insert-hook) ;; And of course, don't keep the sensitive data around. (erase-buffer)))))))) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply related [flat|nested] 7+ messages in thread
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2019-09-29 14:35 ` Lars Ingebrigtsen @ 2019-10-13 3:16 ` Lars Ingebrigtsen 2019-10-23 22:01 ` Stefan Monnier 1 sibling, 0 replies; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-10-13 3:16 UTC (permalink / raw) To: Nathan Trapuzzano; +Cc: 17127 Lars Ingebrigtsen <larsi@gnus.org> writes: >> "foobar" is printed in the minibuffer rather than "......", whereas, >> e.g., yanking from the kill ring print dots. > > The following patch fixes this, I think, by using post-command-hook > instead of after-change-functions. > > It seems to work for me -- does anybody see a problem with doing it this > way? There were no comments in two weeks, so I've now applied the patch. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2019-09-29 14:35 ` Lars Ingebrigtsen 2019-10-13 3:16 ` Lars Ingebrigtsen @ 2019-10-23 22:01 ` Stefan Monnier 2019-10-24 11:49 ` Lars Ingebrigtsen 1 sibling, 1 reply; 7+ messages in thread From: Stefan Monnier @ 2019-10-23 22:01 UTC (permalink / raw) To: Lars Ingebrigtsen; +Cc: Nathan Trapuzzano, 17127 > The following patch fixes this, I think, by using post-command-hook > instead of after-change-functions. Actually, in theory after-change-functions should catch all cases whereas post-command-hook might miss some (i.e. chars inserted not while running a command, e.g. from a process filter). So while your new code probably works fine in practice (and is a good workaround for now) , I think the original code is "more correct" and we should try and figure out why it didn't work: how come after-change-functions is not run (or not correctly) by call-process? Stefan ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd' 2019-10-23 22:01 ` Stefan Monnier @ 2019-10-24 11:49 ` Lars Ingebrigtsen 0 siblings, 0 replies; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-10-24 11:49 UTC (permalink / raw) To: Stefan Monnier; +Cc: Nathan Trapuzzano, 17127 Stefan Monnier <monnier@iro.umontreal.ca> writes: >> The following patch fixes this, I think, by using post-command-hook >> instead of after-change-functions. > > Actually, in theory after-change-functions should catch all cases > whereas post-command-hook might miss some (i.e. chars inserted not > while running a command, e.g. from a process filter). > > So while your new code probably works fine in practice (and is a good > workaround for now) , I think the original code is "more correct" and we > should try and figure out why it didn't work: how come > after-change-functions is not run (or not correctly) by call-process? Yeah, that's a good point. Data inserted by call-process definitely changes the buffer, so after-change-functions should be run. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-10-24 11:49 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-03-28 0:32 bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Nathan Trapuzzano 2014-03-28 2:04 ` Stefan Monnier 2014-03-28 2:39 ` Nathan Trapuzzano 2019-09-29 14:35 ` Lars Ingebrigtsen 2019-10-13 3:16 ` Lars Ingebrigtsen 2019-10-23 22:01 ` Stefan Monnier 2019-10-24 11:49 ` Lars Ingebrigtsen
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).