From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.bugs Subject: bug#30190: 27.0.50; term run in line mode shows user passwords Date: Wed, 18 Jul 2018 10:24:14 -0400 Message-ID: References: <87r2qjh0fs.fsf@gmail.com> <87mv17nwe4.fsf@users.sourceforge.net> <87efm259s5.fsf@gmail.com> <83vafe9f16.fsf@gnu.org> <87wozfkt9t.fsf@gmail.com> <87o9kiejd4.fsf@gmail.com> <83606q6xr7.fsf@gnu.org> <873718qpme.fsf@gmail.com> <87in6erte5.fsf@gmail.com> <83efh1s9s3.fsf@gnu.org> <87602drqan.fsf@gmail.com> <8336xgsvt3.fsf@gnu.org> <878t6892pv.fsf@gmail.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1531923792 4740 195.159.176.226 (18 Jul 2018 14:23:12 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 18 Jul 2018 14:23:12 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: 30190@debbugs.gnu.org, Tino Calancha To: Noam Postavsky Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Jul 18 16:23:08 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ffnMA-00017v-Rr for geb-bug-gnu-emacs@m.gmane.org; Wed, 18 Jul 2018 16:23:06 +0200 Original-Received: from localhost ([::1]:36923 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ffnOH-0008GR-Sr for geb-bug-gnu-emacs@m.gmane.org; Wed, 18 Jul 2018 10:25:17 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:32946) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ffnO7-0008G7-Ev for bug-gnu-emacs@gnu.org; Wed, 18 Jul 2018 10:25:13 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ffnO2-0001jQ-G2 for bug-gnu-emacs@gnu.org; Wed, 18 Jul 2018 10:25:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:42043) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ffnO2-0001jG-BM for bug-gnu-emacs@gnu.org; Wed, 18 Jul 2018 10:25:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ffnO2-0006Pk-51 for bug-gnu-emacs@gnu.org; Wed, 18 Jul 2018 10:25:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Monnier Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 18 Jul 2018 14:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 30190 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: confirmed security Original-Received: via spool by 30190-submit@debbugs.gnu.org id=B30190.153192385724584 (code B ref 30190); Wed, 18 Jul 2018 14:25:02 +0000 Original-Received: (at 30190) by debbugs.gnu.org; 18 Jul 2018 14:24:17 +0000 Original-Received: from localhost ([127.0.0.1]:47055 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ffnNJ-0006OS-Cz for submit@debbugs.gnu.org; Wed, 18 Jul 2018 10:24:17 -0400 Original-Received: from chene.dit.umontreal.ca ([132.204.246.20]:39815) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ffnNI-0006OL-28 for 30190@debbugs.gnu.org; Wed, 18 Jul 2018 10:24:16 -0400 Original-Received: from ceviche.home (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.7/8.14.1) with ESMTP id w6IEOv4V030718; Wed, 18 Jul 2018 10:24:58 -0400 Original-Received: by ceviche.home (Postfix, from userid 20848) id AA4C166101; Wed, 18 Jul 2018 10:24:14 -0400 (EDT) In-Reply-To: <878t6892pv.fsf@gmail.com> (Noam Postavsky's message of "Wed, 18 Jul 2018 07:56:44 -0400") X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 2 Rules triggered EDT_SA_DN_PASS=0, RV6332=0 X-NAI-Spam-Version: 2.3.0.9418 : core <6332> : inlines <6759> : streams <1792908> : uri <2675530> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:148635 Archived-At: Thanks Noam, looks good. Couldn't help send you some nitpicks, tho, Stefan > @@ -2288,7 +2289,8 @@ term-send-invisible > \\[view-lossage]." > (interactive "P") ; Defeat snooping via C-x esc > (when (not (stringp str)) > - (setq str (term-read-noecho "Non-echoed text: " t))) > + (let ((read-hide-char ?*)) > + (setq str (read-passwd "Non-echoed text: ")))) > (when (not proc) > (setq proc (get-buffer-process (current-buffer)))) > (if (not proc) (error "Current buffer has no process") Why do we need to bind `read-hide-char` here? More specifically, shouldn't `read-passwd` do that for us (hence if it doesn't yet, then the right patch is to add this let-binding to `read-passwd`)? > @@ -2297,6 +2299,17 @@ term-send-invisible > (term-send-string proc str) > (term-send-string proc "\n"))) > > +;; TODO: Maybe combine this with `comint-watch-for-password-prompt'. Would be nice, yes. > +(defun term-watch-for-password-prompt (string) > + "Prompt in the minibuffer for password and send without echoing. > +This function uses `term-send-invisible' to read and send a password to the buffer's > +process if STRING contains a password prompt defined by > +`comint-password-prompt-regexp'." "... uses `term-send-invisible' to read [...] a password ..." is incorrect, since the password is read by `read-passwd` rather than by term-send-invisible. But in any case I don't see any reason to document in the docstring what internal mechanism is used [ I just fixed the comint version of the function accordingly. ] > @@ -3152,6 +3165,9 @@ term-emulate-terminal > (term-handle-deferred-scroll)) > > (set-marker (process-mark proc) (point)) > + (when (stringp decoded-substring) > + (term-watch-for-password-prompt (prog1 decoded-substring > + (setq decoded-substring nil)))) I suggest you add a comment explaining why we set decoded-substring to nil.