|
From: | Juri Linkov |
Subject: | bug#30186: 27.0.50; Password is not hidden in read-passwd |
Date: | Sat, 20 Jan 2018 23:29:35 +0200 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (x86_64-pc-linux-gnu) |
This is a regression and a security flaw. Reading a password with ‘read-passwd’ doesn't hide inserted characters anymore as it used to do in older versions. When the user has such customization: (custom-set-variables '(yank-excluded-properties t)) evaluating (read-passwd "Prompt: ") and yanking a password to the minibuffer with 'C-y' doesn't hide it as it did in Emacs 25. This can be traced down to ‘remove-yank-excluded-properties’ where ‘set-text-properties’ used to leave ‘display’ properties (with ‘.’ over inserted characters) in the minibuffer.
[Prev in Thread] | Current Thread | [Next in Thread] |