bug#36154: 26.2; read-passwd function creates a security issue

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Phil Sainty <psainty@orcon.net.nz>
To: Noam Postavsky <npostavs@gmail.com>
Cc: Ahmet BASTUG <bastugn@itu.edu.tr>,
	36154@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>
Subject: bug#36154: 26.2; read-passwd function creates a security issue
Date: Thu, 10 Oct 2019 16:01:47 +1300	[thread overview]
Message-ID: <2caa617d3aa54a8f441b5a0fa080c899@webmail.orcon.net.nz> (raw)
In-Reply-To: <87v9sx77bf.fsf@gmail.com>

On 2019-10-10 13:49, Noam Postavsky wrote:
> Phil Sainty <psainty@orcon.net.nz> writes:
>> A potential solution to this would to make the low-level kill 
>> functions
>> respect a new `inhibit-kill-ring' variable, such that nothing would be
>> added to the kill ring if that was non-nil.
> 
> IMO, it would be bettter to rebind the kill commands to corresponding
> delete commands in read-passwd-map.

My main argument against that (at least as a complete solution) is that
is necessitates *knowing* what all the kill commands are, and what their
corresponding delete commands would be.

This would also mean maintaining that moving forwards for standard
commands; but that still wouldn't account for arbitrary third-party and
custom commands which call `kill-new'.

I think such remapping of standard commands would be entirely reasonable
as an *additional* step (particularly if it was wrapped into a minor 
mode),
but personally I think there is a greater benefit (with wider 
application)
in the `inhibit-kill-ring' notion.

-Phil

     prev parent reply	other threads:[~2019-10-10  3:01 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-09 20:01 bug#36154: 26.2; read-passwd function creates a security issue Ahmet BASTUG
2019-10-09 23:25 ` Lars Ingebrigtsen
2019-10-10  0:30   ` Phil Sainty
2019-10-10  0:49     ` Noam Postavsky
2019-10-10  3:01       ` Phil Sainty [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2caa617d3aa54a8f441b5a0fa080c899@webmail.orcon.net.nz \
    --to=psainty@orcon.net.nz \
    --cc=36154@debbugs.gnu.org \
    --cc=bastugn@itu.edu.tr \
    --cc=larsi@gnus.org \
    --cc=npostavs@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.