|
From: | Tino Calancha |
Subject: | bug#30190: 27.0.50; term run in line mode shows user passwords |
Date: | Sun, 4 Feb 2018 11:23:40 +0900 (JST) |
User-agent: | Alpine 2.20 (DEB 67 2015-01-07) |
On Sat, 3 Feb 2018, Noam Postavsky wrote:
Tino Calancha <tino.calancha@gmail.com> writes:Noam Postavsky <npostavs@users.sourceforge.net> writes:Yes, seems to have been the case for a long time, I can reproduce back to 24.3 (oldest Emacs version I have running).This is a security risk. I would like to have it fixed ASAP. Below patch seems to work. Any feedback would be appreciated.Doesn't look like that much of a risk to me: the user immediately sees the problem, so it's more of a minor nuisance.
It depends of the situation. Few years ago, my boss watched my password because this thing; if the password would be an offensive wordagainst him (it wasn't, he was nice) I could be fired. I remember he mnetioned very proudly that in vi editor the password is always hidden...
This is also a risk while pair-programming; recently I am doing a lot with several buddies. I suspect one of my passwords might be compromised.
-(defcustom comint-password-prompt-regexpI don't see an alias for this one. Otherwise I think it's okay.
Thanks, I will fix that.
[Prev in Thread] | Current Thread | [Next in Thread] |