From: Stefan Kangas <stefan@marxist.se>
To: Marcin Borkowski <mbork@amu.edu.pl>
Cc: 20910-done@debbugs.gnu.org, aurelien <aurelien@hackers.camp>,
Stefan Monnier <monnier@iro.umontreal.ca>
Subject: bug#20910: 24.4; *shell* write the password in clear in the buffer on git push
Date: Thu, 07 Nov 2019 01:49:47 +0100 [thread overview]
Message-ID: <87mud8wlw4.fsf@marxist.se> (raw)
In-Reply-To: <CADwFkmkGfKGVbw70q4AnGgtp-gFBe5SVY=hkZA5NaU3yJfcx=w@mail.gmail.com> (Stefan Kangas's message of "Sun, 6 Oct 2019 03:46:06 +0200")
Stefan Kangas <stefan@marxist.se> writes:
>>>> M-x shell
>>>> git add mysupersoftware.py
>>>> git commit -m "pay attention of the pep8 thanks M-x py-pep8-run"
>>>> git push
>>>> shell $ request for the password of the git, and print it in clear in
>>>> the buffer
>>>
>>> Can you show us the actual password prompt (which is the only info that
>>> Emacs gets that a password is being requested, so it needs to recognize
>>> it, and those prompts change with language settings and stuff, so it's
>>> very heuristic and messy).
>>
>> I suspect that this might depend on Git version and configuration, and
>> things like gpg-agent. In my case, it displayed a window (in WM sense,
>> not in Emacs sense) asking for password, and only after clicking
>> "Cancel", it asked within Emacs. The prompt was:
>>
>> Password for 'https://mbork@github.com':
>>
>> and indeed the characters of the password were visible.
>>
>>> Stefan
>>
>> Best,
>
> Hi Marcin,
>
> When I try the following on Emacs 26.1, I get no error:
>
> (progn
> (require 'comint)
> (or
> (string-match comint-password-prompt-regexp
> "Password for 'https://foo@example.org: ")
> (error "NO MATCH")))
>
> This suggests to me that a prompt such as the above should work under
> M-x shell, since that is built on top of comint.
>
> Could you verify that this works for you on Emacs 26.1 or later?
More information was requested, but none was given within 4 weeks.
I went ahead and added a string to test for the above to the test
suite in commit 1428dfe630, and with that I'm closing this bug.
Best regards,
Stefan Kangas
prev parent reply other threads:[~2019-11-07 0:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-27 7:17 bug#20910: 24.4; *shell* write the password in clear in the buffer on git push aurelien
[not found] ` <handler.20910.B.143538951822696.ack@debbugs.gnu.org>
2015-06-27 7:32 ` bug#20910: Acknowledgement (24.4; *shell* write the password in clear in the buffer on git push) aurelien
2015-06-27 14:51 ` bug#20910: 24.4; *shell* write the password in clear in the buffer on git push Stefan Monnier
2016-04-23 8:45 ` Marcin Borkowski
2019-10-06 1:46 ` Stefan Kangas
2019-11-07 0:49 ` Stefan Kangas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mud8wlw4.fsf@marxist.se \
--to=stefan@marxist.se \
--cc=20910-done@debbugs.gnu.org \
--cc=aurelien@hackers.camp \
--cc=mbork@amu.edu.pl \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).