From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Sebastian Wiesner <swiesner@lunaryorn.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#17839: 24.4.50;
	read-passwd echoes password input in non-interactive sessions
Date: Mon, 23 Jun 2014 18:52:34 +0200
Message-ID: <FE63033F-6992-4A96-B4E6-C311056E071D@lunaryorn.com>
References: <m2y4wnu42e.fsf@lunaryorn.com> <mvm38evy6fk.fsf@hawking.suse.de>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1403547896 10993 80.91.229.3 (23 Jun 2014 18:24:56 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 23 Jun 2014 18:24:56 +0000 (UTC)
Cc: 17839@debbugs.gnu.org
To: Andreas Schwab <schwab@suse.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Jun 23 20:24:49 2014
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Wz8v8-0003bB-8H
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 23 Jun 2014 20:24:46 +0200
Original-Received: from localhost ([::1]:55385 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Wz8v7-0005A1-Fz
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 23 Jun 2014 14:24:45 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56651)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Wz7US-000727-Rl
	for bug-gnu-emacs@gnu.org; Mon, 23 Jun 2014 12:53:15 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Wz7UM-000216-Ai
	for bug-gnu-emacs@gnu.org; Mon, 23 Jun 2014 12:53:08 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:39054)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Wz7UM-000211-8N
	for bug-gnu-emacs@gnu.org; Mon, 23 Jun 2014 12:53:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Wz7UL-0003Y2-Q9
	for bug-gnu-emacs@gnu.org; Mon, 23 Jun 2014 12:53:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Sebastian Wiesner <swiesner@lunaryorn.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 23 Jun 2014 16:53:01 +0000
Resent-Message-ID: <handler.17839.B17839.140354237013617@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 17839
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 17839-submit@debbugs.gnu.org id=B17839.140354237013617
	(code B ref 17839); Mon, 23 Jun 2014 16:53:01 +0000
Original-Received: (at 17839) by debbugs.gnu.org; 23 Jun 2014 16:52:50 +0000
Original-Received: from localhost ([127.0.0.1]:58437 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Wz7U5-0003XS-2H
	for submit@debbugs.gnu.org; Mon, 23 Jun 2014 12:52:50 -0400
Original-Received: from vega.uberspace.de ([95.143.172.245]:49292)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <swiesner@lunaryorn.com>) id 1Wz7Tx-0003X9-Nr
	for 17839@debbugs.gnu.org; Mon, 23 Jun 2014 12:52:43 -0400
Original-Received: (qmail 14475 invoked from network); 23 Jun 2014 16:52:36 -0000
Original-Received: from localhost (HELO ?IPv6:2001:a60:1685:3d01:8c41:4f8a:2b26:3e3c?)
	(127.0.0.1)
	by vega.uberspace.de with SMTP; 23 Jun 2014 16:52:36 -0000
In-Reply-To: <mvm38evy6fk.fsf@hawking.suse.de>
X-Mailer: Apple Mail (2.1878.2)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:90705
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/90705>


Am 23.06.2014 um 17:46 schrieb Andreas Schwab <schwab@suse.de>:

> Sebastian Wiesner <swiesner@lunaryorn.com> writes:
>=20
>> In a non-interactive session, i.e. "emacs -Q --batch =85", =
`read-passwd'
>> currently echoes the password input on the TTY.
>=20
> Batch mode isn't designed for interaction. It uses standard I/O,
> oblivious to who is consuming the input.

In this case `read-passwd=92 should at least signal an error when called =
in non-interactive mode, and have a warning in its doctoring. =20

Currently it is simply insecure in non-interactive mode, and neither its =
docstring nor the Emacs Lisp manual document that the password is =
exposed when called in non-interactive mode.=