unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
@ 2014-03-28  0:32 Nathan Trapuzzano
  2014-03-28  2:04 ` Stefan Monnier
  2019-09-29 14:35 ` Lars Ingebrigtsen
  0 siblings, 2 replies; 7+ messages in thread
From: Nathan Trapuzzano @ 2014-03-28  0:32 UTC (permalink / raw)
  To: 17127

To reproduce with emacs -nw -q on 24.3 and trunk:

  M-: (global-set-key
        (kbd "C-c C-c")
        (lambda ()
          (interactive)
          (call-process "echo" nil t nil "-n" "foobar")))

  M-: (read-passwd "Password: ")

  C-c C-c

"foobar" is printed in the minibuffer rather than "......", whereas,
e.g., yanking from the kill ring prints dots.






* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2014-03-28  0:32 bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Nathan Trapuzzano
@ 2014-03-28  2:04 ` Stefan Monnier
  2014-03-28  2:39   ` Nathan Trapuzzano
  2019-09-29 14:35 ` Lars Ingebrigtsen
  1 sibling, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2014-03-28  2:04 UTC (permalink / raw)
  To: Nathan Trapuzzano; +Cc: 17127

> To reproduce with emacs -nw -q on 24.3 and trunk:

>   M-: (global-set-key
>         (kbd "C-c C-c")
>         (lambda ()
>           (interactive)
>           (call-process "echo" nil t nil "-n" "foobar")))

>   M-: (read-passwd "Password: ")

>   C-c C-c

This looks fairly contrived.  How did you stumble upon this problem?


        Stefan






* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2014-03-28  2:04 ` Stefan Monnier
@ 2014-03-28  2:39   ` Nathan Trapuzzano
  0 siblings, 0 replies; 7+ messages in thread
From: Nathan Trapuzzano @ 2014-03-28  2:39 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: 17127

Stefan Monnier <monnier@IRO.UMontreal.CA> writes:

> This looks fairly contrived.  How did you stumble upon this problem?

Copy/pasting passwords from console password manager to emacs running on
terminal emulator in X.  The built-in copy/paste functionality for the X
clipboard only works (AFAIK) with graphical emacs, so I use my own
commands to make it work on a terminal.  Here's the one that made me
catch it:

(defun paste-from-X-clipboard ()
  "Insert the X clipboard contents at point."
  (interactive)
  (call-process "xclip" nil t nil "-selection" "clipboard" "-o"))

I use that to paste passwords when, e.g., finding remote files via
ssh/TRAMP.






* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2014-03-28  0:32 bug#17127: `call-process' circumvents password concealment w/ `read-passwd' Nathan Trapuzzano
  2014-03-28  2:04 ` Stefan Monnier
@ 2019-09-29 14:35 ` Lars Ingebrigtsen
  2019-10-13  3:16   ` Lars Ingebrigtsen
  2019-10-23 22:01   ` Stefan Monnier
  1 sibling, 2 replies; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-29 14:35 UTC (permalink / raw)
  To: Nathan Trapuzzano; +Cc: 17127

Nathan Trapuzzano <nbtrap@nbtrap.com> writes:

> To reproduce with emacs -nw -q on 24.3 and trunk:
>
>   M-: (global-set-key
>         (kbd "C-c C-c")
>         (lambda ()
>           (interactive)
>           (call-process "echo" nil t nil "-n" "foobar")))
>
>   M-: (read-passwd "Password: ")
>
>   C-c C-c
>
> "foobar" is printed in the minibuffer rather than "......", whereas,
> e.g., yanking from the kill ring prints dots.

The following patch fixes this, I think, by using post-command-hook
instead of after-change-functions.

It seems to work for me -- does anybody see a problem with doing it this
way?

diff --git a/lisp/subr.el b/lisp/subr.el
index 45b99a82d2..9e4553dcbb 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2426,6 +2426,12 @@ read-passwd-map
     map)
   "Keymap used while reading passwords.")
 
+(defun read-password--hide-password ()
+  (let ((beg (minibuffer-prompt-end)))
+             (dotimes (i (1+ (- (buffer-size) beg)))
+               (put-text-property (+ i beg) (+ 1 i beg)
+                                  'display (string (or read-hide-char ?*))))))
+
 (defun read-passwd (prompt &optional confirm default)
   "Read a password, prompting with PROMPT, and return it.
 If optional CONFIRM is non-nil, read the password twice to make sure.
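Review bot: the new `read-password--hide-password` has no docstring, and its `read-password--` prefix does not match the `read-passwd` function it serves, so it is hard to find from the caller; `read-passwd--hide-password` with a one-line docstring would be clearer. The `dotimes` form is still indented as if it sat inside the old lambda. The end of the range is derived from `(buffer-size)`, which assumes the minibuffer is never narrowed; `(point-max)` would state the intent directly.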
@@ -2450,15 +2456,7 @@ read-passwd
               (message "Password not repeated accurately; please start over")
               (sit-for 1))))
         success)
-    (let ((hide-chars-fun
-           (lambda (beg end _len)
-             (clear-this-command-keys)
-             (setq beg (min end (max (minibuffer-prompt-end)
-                                     beg)))
-             (dotimes (i (- end beg))
-               (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
-          minibuf)
+    (let (minibuf)
       (minibuffer-with-setup-hook
           (lambda ()
             (setq minibuf (current-buffer))
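Review bot: the removed lambda called `(clear-this-command-keys)` on every change, and the replacement function added earlier in this patch has no such call, so nothing in the visible lines clears the recorded keys while the password is being typed. Either keep the call in `read-password--hide-password` or explain in the commit message why it is no longer needed.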
@@ -2469,7 +2467,7 @@ read-passwd
             (use-local-map read-passwd-map)
             (setq-local inhibit-modification-hooks nil) ;bug#15501.
 	    (setq-local show-paren-mode nil)		;bug#16091.
-            (add-hook 'after-change-functions hide-chars-fun nil 'local))
+            (add-hook 'post-command-hook 'read-password--hide-password nil t))
         (unwind-protect
             (let ((enable-recursive-minibuffers t)
 		  (read-hide-char (or read-hide-char ?*)))
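Review bot: with the hider on `post-command-hook`, text is masked only once a command finishes, so anything inserted into the minibuffer outside a command (a process filter or a timer, for example) stays readable until the next command runs, whereas the old `after-change-functions` entry ran on the change itself. A comment at the `add-hook` line should say why the switch is needed. Minor: quote the function with `#'` and use the same LOCAL argument style here (`t`) as in the matching `remove-hook` (`'local`).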
@@ -2479,7 +2477,8 @@ read-passwd
               ;; Not sure why but it seems that there might be cases where the
               ;; minibuffer is not always properly reset later on, so undo
               ;; whatever we've done here (bug#11392).
-              (remove-hook 'after-change-functions hide-chars-fun 'local)
+              (remove-hook 'after-change-functions 'read-password--hide-password
+                           'local)
               (kill-local-variable 'post-self-insert-hook)
               ;; And of course, don't keep the sensitive data around.
               (erase-buffer))))))))
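Review bot: the cleanup at the `remove-hook` line still names `after-change-functions`, but this patch adds `read-password--hide-password` to `post-command-hook`, so the call removes nothing and the hider stays on the minibuffer's local `post-command-hook`. Given the comment just above about the minibuffer not always being reset (bug#11392), that leftover hook could mask later, unrelated minibuffer input. It should read `(remove-hook 'post-command-hook 'read-password--hide-password 'local)`.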


-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2019-09-29 14:35 ` Lars Ingebrigtsen
@ 2019-10-13  3:16   ` Lars Ingebrigtsen
  2019-10-23 22:01   ` Stefan Monnier
  1 sibling, 0 replies; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-10-13  3:16 UTC (permalink / raw)
  To: Nathan Trapuzzano; +Cc: 17127

Lars Ingebrigtsen <larsi@gnus.org> writes:

>> "foobar" is printed in the minibuffer rather than "......", whereas,
>> e.g., yanking from the kill ring prints dots.
>
> The following patch fixes this, I think, by using post-command-hook
> instead of after-change-functions.
>
> It seems to work for me -- does anybody see a problem with doing it this
> way?

There were no comments in two weeks, so I've now applied the patch.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2019-09-29 14:35 ` Lars Ingebrigtsen
  2019-10-13  3:16   ` Lars Ingebrigtsen
@ 2019-10-23 22:01   ` Stefan Monnier
  2019-10-24 11:49     ` Lars Ingebrigtsen
  1 sibling, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2019-10-23 22:01 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: Nathan Trapuzzano, 17127

> The following patch fixes this, I think, by using post-command-hook
> instead of after-change-functions.

Actually, in theory after-change-functions should catch all cases
whereas post-command-hook might miss some (i.e. chars inserted not
while running a command, e.g. from a process filter).

So while your new code probably works fine in practice (and is a good
workaround for now), I think the original code is "more correct" and we
should try and figure out why it didn't work: how come
after-change-functions is not run (or not correctly) by call-process?


        Stefan







* bug#17127: `call-process' circumvents password concealment w/ `read-passwd'
  2019-10-23 22:01   ` Stefan Monnier
@ 2019-10-24 11:49     ` Lars Ingebrigtsen
  0 siblings, 0 replies; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-10-24 11:49 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: Nathan Trapuzzano, 17127

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> The following patch fixes this, I think, by using post-command-hook
>> instead of after-change-functions.
>
> Actually, in theory after-change-functions should catch all cases
> whereas post-command-hook might miss some (i.e. chars inserted not
> while running a command, e.g. from a process filter).
>
> So while your new code probably works fine in practice (and is a good
> workaround for now), I think the original code is "more correct" and we
> should try and figure out why it didn't work: how come
> after-change-functions is not run (or not correctly) by call-process?

Yeah, that's a good point.  Data inserted by call-process definitely
changes the buffer, so after-change-functions should be run.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
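
A diagnostic for the question left open in this thread, added here as an example and not posted by any participant: it records what a buffer-local `after-change-functions` entry is told when text arrives via `insert` and via the `call-process` call from the original report. The name `hook-probe-run` is hypothetical, and the result depends on the Emacs build it is run in.

```elisp
;;; -*- lexical-binding: t -*-
;; Added diagnostic (not from the thread).  Run: emacs -Q --batch -l FILE
(require 'cl-lib)

(defun hook-probe-run (inserter)
  "Call INSERTER in a temp buffer; report what `after-change-functions' saw.
Return a plist: :inserted is the number of characters now in the buffer,
:calls the (BEG END LEN) triples the hook received, and :unreported the
characters no hook call covered (what a change-hook-based hider would
leave unmasked).  Assumes the reported ranges do not overlap."
  (with-temp-buffer
    (let ((calls nil))
      (add-hook 'after-change-functions
                (lambda (beg end len) (push (list beg end len) calls))
                nil t)
      (funcall inserter)
      (let ((covered (cl-loop for (beg end _len) in calls
                              sum (- end beg))))
        (list :inserted (buffer-size)
              :calls (reverse calls)
              :unreported (- (buffer-size) covered))))))

;; Baseline (plain `insert'), then the reproduction command from the report.
(dolist (probe `(("insert" . ,(lambda () (insert "foobar")))
                 ("call-process" . ,(lambda ()
                                      (call-process "echo" nil t nil
                                                    "-n" "foobar")))))
  (message "%-12s %S" (car probe) (hook-probe-run (cdr probe))))
```

A non-zero `:unreported` for the `call-process` row means the hook was not told about all of the inserted text, which is the behaviour the original `hide-chars-fun` depended on.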





