bug#36154: 26.2; read-passwd function creates a security issue

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#36154: 26.2; read-passwd function creates a security issue

From:	Lars Ingebrigtsen
Subject:	bug#36154: 26.2; read-passwd function creates a security issue
Date:	Thu, 10 Oct 2019 01:25:59 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Ahmet BASTUG <bastugn@itu.edu.tr> writes:

> read-passwd function which is located in "subr.el" causes kind of a
> security issue. When function is used, user is prompted with a promt
> and everything user typed is displayed as '.' characters. If any kind
> of kill operation is performed on the prompt minibuffer, real value is 
> saved into kill-ring. Then you can yank it anywhere you want. I'm not
> sure this is meant this way but I think not.

I think it makes sense to allow users to do this -- this is something
that should be up to them whether to do or not.  So I'm closing this bug
report.  If anybody disagrees with this, please feel free to reopen.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

bug#36154: 26.2; read-passwd function creates a security issue, Lars Ingebrigtsen <=
- bug#36154: 26.2; read-passwd function creates a security issue, Phil Sainty, 2019/10/09
  - bug#36154: 26.2; read-passwd function creates a security issue, Noam Postavsky, 2019/10/09
    - bug#36154: 26.2; read-passwd function creates a security issue, Phil Sainty, 2019/10/09

Prev by Date: bug#36036: Visual Studio 2019 compiler errors not detected/recognized by compile.el
Next by Date: bug#36223: 26.1; dired-omit-mode breaks recover-session
Previous by thread: bug#36036: Visual Studio 2019 compiler errors not detected/recognized by compile.el
Next by thread: bug#36154: 26.2; read-passwd function creates a security issue
Index(es):
- Date
- Thread