GNU bug report logs - #17127
`call-process' circumvents password concealment w/ `read-passwd'

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: emacs; Reported by: Nathan Trapuzzano <nbtrap@HIDDEN>; dated Fri, 28 Mar 2014 00:34:01 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 17127 <at> debbugs.gnu.org:


Received: (at 17127) by debbugs.gnu.org; 28 Mar 2014 02:40:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 22:40:00 2014
Received: from localhost ([127.0.0.1]:53437 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTMi7-0000ju-Jb
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:39:59 -0400
Received: from gproxy2-pub.mail.unifiedlayer.com ([69.89.18.3]:55841)
 by debbugs.gnu.org with smtp (Exim 4.80)
 (envelope-from <nbtrap@HIDDEN>) id 1WTMi2-0000ji-Pk
 for 17127 <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:39:56 -0400
Received: (qmail 20951 invoked by uid 0); 28 Mar 2014 02:39:51 -0000
Received: from unknown (HELO cmgw4) (10.0.90.85)
 by gproxy2.mail.unifiedlayer.com with SMTP; 28 Mar 2014 02:39:51 -0000
Received: from host393.hostmonster.com ([66.147.240.193]) by cmgw4 with 
 id ixfl1n00D4B3kjm01xfoNX; Fri, 28 Mar 2014 03:39:50 -0600
X-Authority-Analysis: v=2.1 cv=L+eOHYj8 c=1 sm=1 tr=0
 a=GZ6qK+eS4AuCRVUKGEKC+Q==:117 a=GZ6qK+eS4AuCRVUKGEKC+Q==:17 a=DsvgjBjRAAAA:8
 a=f5113yIGAAAA:8 a=4GsTxW34auoA:10 a=-WKLDjVvHWAA:10 a=lfvU_ReahkwA:10
 a=ngU5ixn2AAAA:8 a=fWyWhr6xdMwA:10 a=r0oDxNsHx84vvuxIQe4A:9
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbtrap.com;
 s=default; 
 h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:References:Subject:Cc:To:From;
 bh=QoPYtzkAgUcoagRDuEvXNdy30/DOcccrJSdf4bLjnbM=; 
 b=fGAcYareKlh0hJbhTOugAA60VpdvBkQJ8yyVFZMtFyHD5BdaCgajlOcfr1AnqZN2z9BsapcVkgstXPe7fmCEvLhqZIfmS33YHYPP3VXI2tNfl5Ih9LQWiGdQKdP3duIE;
Received: from [50.90.253.209] (port=54006 helo=Nathan-GNU)
 by host393.hostmonster.com with esmtpsa (TLSv1.2:CAMELLIA128-SHA:128)
 (Exim 4.82) (envelope-from <nbtrap@HIDDEN>)
 id 1WTMhu-00069O-Ns; Thu, 27 Mar 2014 20:39:46 -0600
From: Nathan Trapuzzano <nbtrap@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
Subject: Re: bug#17127: `call-process' circumvents password concealment w/
 `read-passwd'
References: <871txntb60.fsf@HIDDEN>
 <jwvvbuznkth.fsf-monnier+emacsbugs@HIDDEN>
Date: Thu, 27 Mar 2014 22:39:41 -0400
In-Reply-To: <jwvvbuznkth.fsf-monnier+emacsbugs@HIDDEN> (Stefan Monnier's
 message of "Thu, 27 Mar 2014 22:04:32 -0400")
Message-ID: <87ha6jcahe.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Identified-User: {1585:host393.hostmonster.com:nbtrapco:nbtrap.com}
 {sentby:smtp auth 50.90.253.209 authed with nbtrap@HIDDEN}
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 17127
Cc: 17127 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Stefan Monnier <monnier@HIDDEN> writes:

> This looks fairly contrived.  How did you stumble upon this problem?

Copy/pasting passwords from console password manager to emacs running on
terminal emulator in X.  The built-in copy/paste functionaly for the X
clipboard only works (AFAIK) with graphical emacs, so I use my own
commands to make it work on a terminal.  Here's the one that made me
catch it:

(defun paste-from-X-clipboard ()
  "Insert the X clipboard contents at point."
  (interactive)
  (call-process "xclip" nil t nil "-selection" "clipboard" "-o"))

I use that to paste passwords when, e.g., finding remote files via
ssh/TRAMP.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#17127; Package emacs. Full text available.

Message received at 17127 <at> debbugs.gnu.org:


Received: (at 17127) by debbugs.gnu.org; 28 Mar 2014 02:04:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 22:04:38 2014
Received: from localhost ([127.0.0.1]:53421 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTM9u-0008H1-8P
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:04:38 -0400
Received: from chene.dit.umontreal.ca ([132.204.246.20]:49623)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <monnier@HIDDEN>) id 1WTM9r-0008Gs-DH
 for 17127 <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:04:36 -0400
Received: from fmsmemgm.homelinux.net (lechon.iro.umontreal.ca
 [132.204.27.242])
 by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s2S24rE7012331;
 Thu, 27 Mar 2014 22:04:53 -0400
Received: by fmsmemgm.homelinux.net (Postfix, from userid 20848)
 id 971D9AE3F7; Thu, 27 Mar 2014 22:04:32 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Nathan Trapuzzano <nbtrap@HIDDEN>
Subject: Re: bug#17127: `call-process' circumvents password concealment w/
 `read-passwd'
Message-ID: <jwvvbuznkth.fsf-monnier+emacsbugs@HIDDEN>
References: <871txntb60.fsf@HIDDEN>
Date: Thu, 27 Mar 2014 22:04:32 -0400
In-Reply-To: <871txntb60.fsf@HIDDEN> (Nathan Trapuzzano's message of "Thu, 
 27 Mar 2014 20:32:55 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
	RV4894=0
X-NAI-Spam-Version: 2.3.0.9362 : core <4894> : inlines <659> : streams
 <1146045> : uri <1712068>
X-Spam-Score: -1.7 (-)
X-Debbugs-Envelope-To: 17127
Cc: 17127 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

> To reproduce with emacs -nw -q on 24.3 and trunk:

>   M-: (global-set-key
>         (kbd "C-c C-c")
>         (lambda ()
>           (interactive)
>           (call-process "echo" nil t nil "-n" "foobar")))

>   M-: (read-passwd "Password: ")

>   C-c C-c

This looks fairly contrived.  How did you stumble upon this problem?


        Stefan




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#17127; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 28 Mar 2014 00:33:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 20:33:39 2014
Received: from localhost ([127.0.0.1]:53382 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTKjq-0005uq-7e
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 20:33:38 -0400
Received: from eggs.gnu.org ([208.118.235.92]:51832)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjn-0005uh-84
 for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 20:33:36 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjf-0007Uc-58
 for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 20:33:35 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:34402)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjf-0007UN-2m
 for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 20:33:27 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53527)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjY-0007gx-26
 for bug-gnu-emacs@HIDDEN; Thu, 27 Mar 2014 20:33:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjO-0007SP-Hl
 for bug-gnu-emacs@HIDDEN; Thu, 27 Mar 2014 20:33:19 -0400
Received: from gproxy3-pub.mail.unifiedlayer.com ([69.89.30.42]:58906)
 by eggs.gnu.org with smtp (Exim 4.71)
 (envelope-from <nbtrap@HIDDEN>) id 1WTKjO-0007Rw-7R
 for bug-gnu-emacs@HIDDEN; Thu, 27 Mar 2014 20:33:10 -0400
Received: (qmail 19651 invoked by uid 0); 28 Mar 2014 00:33:05 -0000
Received: from unknown (HELO cmgw4) (10.0.90.85)
 by gproxy3.mail.unifiedlayer.com with SMTP; 28 Mar 2014 00:33:05 -0000
Received: from host393.hostmonster.com ([66.147.240.193]) by cmgw4 with 
 id ivYy1n0014B3kjm01vZ1VG; Fri, 28 Mar 2014 01:33:04 -0600
X-Authority-Analysis: v=2.1 cv=L+eOHYj8 c=1 sm=1 tr=0
 a=GZ6qK+eS4AuCRVUKGEKC+Q==:117 a=GZ6qK+eS4AuCRVUKGEKC+Q==:17 a=DsvgjBjRAAAA:8
 a=f5113yIGAAAA:8 a=4GsTxW34auoA:10 a=CmHQntskcbMA:10 a=lfvU_ReahkwA:10
 a=ngU5ixn2AAAA:8 a=fWyWhr6xdMwA:10 a=X89makJshVou16Vl_e8A:9 a=7ynzpamQKdIA:10
 a=8f8W8ubuCwcA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbtrap.com;
 s=default; 
 h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From;
 bh=3SEPhORvyMA5RnwDJhzP4qUZvqZT2WTVsPyAVMmotkk=; 
 b=tGKC8JKntrCluiVZPSJOeo3uWiauVUb+uXdtVtrn8syBxv6++3qvXVGBZtQAFyMnxRT+UHePi+y0pygtXqRHL2Q2VKHGo0q3b/9gjFK6PGpwS6ALKFwE11v8LxYMR0lb;
Received: from [50.90.253.209] (port=52776 helo=Nathan-GNU)
 by host393.hostmonster.com with esmtpsa (TLSv1.2:CAMELLIA128-SHA:128)
 (Exim 4.82) (envelope-from <nbtrap@HIDDEN>) id 1WTKjD-0002A2-5V
 for bug-gnu-emacs@HIDDEN; Thu, 27 Mar 2014 18:32:59 -0600
From: Nathan Trapuzzano <nbtrap@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: `call-process' circumvents password concealment w/ `read-passwd'
Date: Thu, 27 Mar 2014 20:32:55 -0400
Message-ID: <871txntb60.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Identified-User: {1585:host393.hostmonster.com:nbtrapco:nbtrap.com}
 {sentby:smtp auth 50.90.253.209 authed with nbtrap@HIDDEN}
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.3 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -4.3 (----)

To reproduce with emacs -nw -q on 24.3 and trunk:

  M-: (global-set-key
        (kbd "C-c C-c")
        (lambda ()
          (interactive)
          (call-process "echo" nil t nil "-n" "foobar")))

  M-: (read-passwd "Password: ")

  C-c C-c

"foobar" is printed in the minibuffer rather than "......", whereas,
e.g., yanking from the kill ring print dots.




Acknowledgement sent to Nathan Trapuzzano <nbtrap@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#17127; Package emacs. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 31 Oct 2014 17:00:04 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.