From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Tino Calancha Newsgroups: gmane.emacs.bugs Subject: bug#30190: 27.0.50; term run in line mode shows user passwords Date: Thu, 15 Feb 2018 09:09:50 +0900 Message-ID: <87wozfkt9t.fsf@gmail.com> References: <87r2qjh0fs.fsf@gmail.com> <87mv17nwe4.fsf@users.sourceforge.net> <87efm259s5.fsf@gmail.com> <83vafe9f16.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1518653384 6825 195.159.176.226 (15 Feb 2018 00:09:44 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 15 Feb 2018 00:09:44 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: 30190@debbugs.gnu.org, Richard Stallman , npostavs@users.sourceforge.net To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Feb 15 01:09:39 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1em774-0000Rh-US for geb-bug-gnu-emacs@m.gmane.org; Thu, 15 Feb 2018 01:09:23 +0100 Original-Received: from localhost ([::1]:46338 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1em796-0006aJ-Ql for geb-bug-gnu-emacs@m.gmane.org; Wed, 14 Feb 2018 19:11:28 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44160) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1em78y-0006ZK-HJ for bug-gnu-emacs@gnu.org; Wed, 14 Feb 2018 19:11:21 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1em78h-0008SK-0e for bug-gnu-emacs@gnu.org; Wed, 14 Feb 2018 19:11:20 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:35568) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1em78g-0008S8-Qz for bug-gnu-emacs@gnu.org; Wed, 14 Feb 2018 19:11:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1em78g-0005hx-99 for bug-gnu-emacs@gnu.org; Wed, 14 Feb 2018 19:11:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Tino Calancha Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 15 Feb 2018 00:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 30190 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: confirmed security Original-Received: via spool by 30190-submit@debbugs.gnu.org id=B30190.151865340621701 (code B ref 30190); Thu, 15 Feb 2018 00:11:02 +0000 Original-Received: (at 30190) by debbugs.gnu.org; 15 Feb 2018 00:10:06 +0000 Original-Received: from localhost ([127.0.0.1]:43465 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1em77l-0005dt-MM for submit@debbugs.gnu.org; Wed, 14 Feb 2018 19:10:06 -0500 Original-Received: from mail-pg0-f50.google.com ([74.125.83.50]:41412) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1em77j-0005cu-OY for 30190@debbugs.gnu.org; Wed, 14 Feb 2018 19:10:04 -0500 Original-Received: by mail-pg0-f50.google.com with SMTP id t4so2877869pgp.8 for <30190@debbugs.gnu.org>; Wed, 14 Feb 2018 16:10:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=rMCliFsy4twZBmuEyZR/dofEbLgBJGT0Y4+9TVCeKYw=; b=QZV0VS59TfRzUOLnBUt1SsW25YetzUeXr2DeKylIi1PVh3hct4BN6RrSjn1NeEzgiv w9PjygesOuy2EiEeYvp28Eou2txlxMiABNuHBTC0f2MJE7UbC658/9Cd06ch32JO66r1 k15dq+iyFL6NLcnbV2vRYAw8nPY03Kk6B05f07UJh4orF2A0a3BKhXiaZZPsm7IoTG6o xBahiE/xZF8gxJh8jdJMpp3KO+i2CC+a0yz8/nU3BAH1GIqKECzb40m8dobSPGq152B2 LBpGJaUCWKNlYLV/Fl6hReJa09X+hwQxnsv5e5vJ3gsaQdFBooVK8gemt4DJ4JZ1r9ee +8Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=rMCliFsy4twZBmuEyZR/dofEbLgBJGT0Y4+9TVCeKYw=; b=lFgZM8uicoZs2N/nYMERgy3OXTREJ1K2TmyoVad1EUdtrb/noT8tnqx8CIkdH1L8yC oLXvh+Y8QgMOZNVKh7BFnI31cGd2nMiEhVdoX3d6mKRezHW55Pfe/eI+5Msk46SNBnyo 7NYgq0PNVBZtjkdpZ/1ny5wzBx3sC5UVlBuYGqA0uMwN1kWD018BSya34xcBS1TcU+ux +CwX0r2T2Wp8WUhdmMQuc8jbPwUeBUuDR+mg1IOwqbjNHRStEoJvbmWk6qYfRIXMi3fu A8Os8jQsKOjpWSJ/GgPCSbwszKbdpGiGXORYY/DB7vN3n+kgSl73xXnF3RQPCvZ7n0RY vocA== X-Gm-Message-State: APf1xPCuvOKlPNfwmYvp7Xos/667qkVw+ShfpxraBWbhjwnTFTi9HeYE oyh4Wm90io+bHjPNyXGSz3I= X-Google-Smtp-Source: AH8x225t35C21N1N5By2G9vZH1hil0k9owYekgSQ7gxXPtTN6yUBhKbG7DqaBR7oabmZpMkZlNAKAw== X-Received: by 10.99.131.198 with SMTP id h189mr628833pge.25.1518653397836; Wed, 14 Feb 2018 16:09:57 -0800 (PST) Original-Received: from calancha-pc (FL1-125-193-170-29.tky.mesh.ad.jp. [125.193.170.29]) by smtp.gmail.com with ESMTPSA id b88sm29943885pfd.108.2018.02.14.16.09.55 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Feb 2018 16:09:56 -0800 (PST) In-Reply-To: (Tino Calancha's message of "Sun, 4 Feb 2018 12:40:07 +0900 (JST)") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:143294 Archived-At: Tino Calancha writes: > On Sat, 3 Feb 2018, Eli Zaretskii wrote: > >> My feedback is that such a radical solution with so many lines of code >> is a no-no for the release branch. Please look for a simpler >> solution, perhaps don't create a new file? > A suitable patch for the next release for discussion below: My patch is not satisfactory. It uses functions that haven't been tested enough: `term-send-invisible' and `term-read-noecho' are not used in the Emacs source tree: after playing a bit with the patch I found some problems (I even crashed Emacs several times, not so fun). I) `term-read-noecho' doesn't expect the user might hit , , `C-p' or `C-n'; it will try to convert these things to strings and return them. II) `term-send-invisible' doesn't cancel if the user hit `C-g'; instead it pass nil as the string for the process. The reason is how `term-read-noecho' handles `C-g'. My Emacs session crashes if I do (using the patch in this thread): M-x term RET C-c C-j sudo ls RET C-g C-g ;; Emacs crash! Note that I) and II) don't suppose any problem in a *shell* buffer if calling `send-invisible', which uses the more robust `read-passwd'. So I want to avoid using the not well tested `term-read-noecho'. Instead, I propose to use `read-passwd' as elsewhere within Emacs. This is the updated patch: --8<-----------------------------cut here---------------start------------->= 8--- commit 6254b0aca3c91ebd6d41f865c1cdcc13166c066d Author: tino calancha Date: Thu Feb 15 08:58:45 2018 +0900 Prevent term run in line mode from showing user passwords =20=20=20=20 For buffers whose mode derive from comint-mode, the user password is read from the minibuffer and it's hidden. A buffer in term-mode and line submode, instead shows the passwords. This commit forces buffers in line term-mode to hide passwords (Bug#30190). =20=20=20=20 * lisp/term.el (term-send-invisible): Prefer the more robust `read-passwd' instead of `term-read-noecho'. =20=20=20=20 (term-password-prompt-regexp): New user option. (term-watch-for-password-prompt): New function. =20=20=20=20 (term-send-input, term-emulate-terminal): Call it. (term-output-filter-hook): New hook. Add term-watch-for-password-prompt to it. =20=20=20=20 (term-send-input, term-emulate-terminal): Call the new hook each time we receive output. diff --git a/lisp/term.el b/lisp/term.el index 3970e93cf1..484a26cd7a 100644 --- a/lisp/term.el +++ b/lisp/term.el @@ -558,6 +558,27 @@ term-suppress-hard-newline ;; indications of the current pc. (defvar term-pending-frame nil) =20 +;; Stolen from comint.el +(defcustom term-password-prompt-regexp + (concat + "\\(^ *\\|" + (regexp-opt + '("Enter" "enter" "Enter same" "enter same" "Enter the" "enter the" + "Old" "old" "New" "new" "'s" "login" + "Kerberos" "CVS" "UNIX" " SMB" "LDAP" "PEM" "SUDO" + "[sudo]" "Repeat" "Bad" "Retype") + t) + " +\\)" + "\\(?:" (regexp-opt password-word-equivalents) "\\|Response\\)" + "\\(?:\\(?:, try\\)? *again\\| (empty for no passphrase)\\| (again)\\)?" + ;; "[[:alpha:]]" used to be "for", which fails to match non-English. + "\\(?: [[:alpha:]]+ .+\\)?[\\s =C2=A0]*[:=EF=BC=9A=E1=9F=96][\\s =C2=A0= ]*\\'") + "Regexp matching prompts for passwords in the inferior process. +This is used by `term-watch-for-password-prompt'." + :version "26.1" + :type 'regexp + :group 'comint) + ;;; Here are the per-interpreter hooks. (defvar term-get-old-input (function term-get-old-input-default) "Function that submits old text in term mode. @@ -586,6 +607,17 @@ term-input-filter-functions =20 This variable is buffer-local.") =20 +;;; Stolen from comint.el +;;;###autoload +(defvar term-output-filter-hook '(term-watch-for-password-prompt) + "Functions to call after output is inserted into the buffer. +One possible function is `term-watch-for-password-prompt'. +These functions get one argument, a string containing the text as original= ly +inserted. + +You can use `add-hook' to add functions to this list +either globally or locally.") + (defvar term-input-sender (function term-simple-send) "Function to actually send to PROCESS the STRING submitted by user. Usually this is just `term-simple-send', but if your mode needs to @@ -2134,7 +2166,8 @@ term-send-input (set-marker term-pending-delete-marker pmark-val) (set-marker (process-mark proc) (point))) (goto-char pmark) - (funcall term-input-sender proc input))))) + (funcall term-input-sender proc input) + (run-hook-with-args 'term-output-filter-hook ""))))) =20 (defun term-get-old-input-default () "Default for `term-get-old-input'. @@ -2255,7 +2288,8 @@ term-send-invisible \\[view-lossage]." (interactive "P") ; Defeat snooping via C-x esc (when (not (stringp str)) - (setq str (term-read-noecho "Non-echoed text: " t))) + (let ((read-hide-char ?*)) + (setq str (read-passwd "Non-echoed text: ")))) (when (not proc) (setq proc (get-buffer-process (current-buffer)))) (if (not proc) (error "Current buffer has no process") @@ -2264,6 +2298,21 @@ term-send-invisible (term-send-string proc str) (term-send-string proc "\n"))) =20 +;;; Stolen from comint.el +;; TODO: This file share plenty of code with comint.el; it might be worth +;; to extract the common functionality into a new file. +(defun term-watch-for-password-prompt (string) + "Prompt in the minibuffer for password and send without echoing. +This function uses `term-send-invisible' to read and send a password to th= e buffer's +process if STRING contains a password prompt defined by +`term-password-prompt-regexp'. + +This function could be in the list `term-emulate-terminal'." + (when (term-in-line-mode) + (when (let ((case-fold-search t)) + (string-match term-password-prompt-regexp string)) + (term-send-invisible nil)))) + ;;; Low-level process communication =20 @@ -3121,6 +3170,8 @@ term-emulate-terminal (term-handle-deferred-scroll)) =20 (set-marker (process-mark proc) (point)) + ;; Run these hooks with point where the user had it. + (run-hook-with-args 'term-output-filter-hook str) (when save-point (goto-char save-point) (set-marker save-point nil)) --8<-----------------------------cut here---------------end--------------->= 8--- In GNU Emacs 26.0.91 (build 15, x86_64-pc-linux-gnu, GTK+ Version 3.22.11) of 2018-02-15 built on calancha-pc Repository revision: 874c0edf30308392bdba870e92247d7e4b0e66f4 Windowing system distributor 'The X.Org Foundation', version 11.0.11902000 System Description: Debian GNU/Linux 9.3 (stretch)