bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17839: 24.4.50; read-passwd echoes password input in non-interactive


From: Sebastian Wiesner
Subject: bug#17839: 24.4.50; read-passwd echoes password input in non-interactive sessions
Date: Mon, 23 Jun 2014 18:52:34 +0200

Am 23.06.2014 um 17:46 schrieb Andreas Schwab <address@hidden>:

> Sebastian Wiesner <address@hidden> writes:
> 
>> In a non-interactive session, i.e. "emacs -Q --batch …", `read-passwd'
>> currently echoes the password input on the TTY.
> 
> Batch mode isn't designed for interaction. It uses standard I/O,
> oblivious to who is consuming the input.

In this case `read-passwd’ should at least signal an error when called in 
non-interactive mode, and have a warning in its doctoring.  

Currently it is simply insecure in non-interactive mode, and neither its 
docstring nor the Emacs Lisp manual document that the password is exposed when 
called in non-interactive mode.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]