From 2b70b54739a8a422aff85f0183fb69eb339c35d4 Mon Sep 17 00:00:00 2001
From: Tino Calancha
Date: Thu, 15 Feb 2018 09:09:50 +0900
Subject: [PATCH] Prevent line-mode term from showing user passwords

For buffers whose mode derive from comint-mode, the user password is read from the minibuffer and it's hidden. A buffer in term-mode and line submode, instead shows the passwords. Make buffers in line term-mode to hide passwords too (Bug#30190).

* lisp/term.el (term-send-invisible): Prefer the more robust `read-passwd' instead of `term-read-noecho'.
(term-watch-for-password-prompt): New function.
(term-emulate-terminal): Call it each time we receive non-escape sequence output.

Co-authored-by: Noam Postavsky
---
 lisp/term.el | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/lisp/term.el b/lisp/term.el
index b7f5b0e7f20..ae451e94bd6 100644
--- a/lisp/term.el
+++ b/lisp/term.el
@@ -347,6 +347,7 @@
 (eval-when-compile (require 'cl-lib))
 (require 'ring)
 (require 'ehelp)
+(require 'comint) ; Password regexp.
 (declare-function ring-empty-p "ring" (ring))
 (declare-function ring-ref "ring" (ring index))
@@ -2283,12 +2284,10 @@ applications."
 (defun term-send-invisible (str &optional proc)
 "Read a string without echoing.
 Then send it to the process running in the current buffer. A new-line
-is additionally sent. String is not saved on term input history list.
-Security bug: your string can still be temporarily recovered with
-\\[view-lossage]."
+is additionally sent. String is not saved on term input history list."
 (interactive "P") ; Defeat snooping via C-x esc
 (when (not (stringp str))
- (setq str (term-read-noecho "Non-echoed text: " t)))
+ (setq str (read-passwd "Non-echoed text: ")))
 (when (not proc)
 (setq proc (get-buffer-process (current-buffer))))
 (if (not proc) (error "Current buffer has no process")
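Review bot: The docstring of `term-send-invisible` still does not describe its arguments, and this patch adds a caller that passes STR programmatically, so the contract is worth stating, for example `If STR is a string, send it as-is instead of prompting; PROC defaults to the current buffer's process.` Because of `(interactive "P")`, an interactive call hands the raw prefix argument to STR, which is why the `stringp` test falls through to `read-passwd`. The patch also drops the `view-lossage` caveat; that is only accurate if `read-passwd` keeps the typed keys out of the recent-keys record, which is not visible here and should be confirmed. The function body continues past the end of the hunk.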
@@ -2297,6 +2296,16 @@ Security bug: your string can still be temporarily recovered with
 (term-send-string proc str)
 (term-send-string proc "\n")))
+;; TODO: Maybe combine this with `comint-watch-for-password-prompt'.
+(defun term-watch-for-password-prompt (string)
+ "Prompt in the minibuffer for password and send without echoing.
+Checks if STRING contains a password prompt as defined by
+`comint-password-prompt-regexp'."
+ (when (term-in-line-mode)
+ (when (let ((case-fold-search t))
+ (string-match comint-password-prompt-regexp string))
+ (term-send-invisible (read-passwd string)))))
+
 ;;; Low-level process communication
@@ -3152,6 +3161,8 @@ See `term-prompt-regexp'."
 (term-handle-deferred-scroll))
 (set-marker (process-mark proc) (point))
+ (when (stringp decoded-substring)
+ (term-watch-for-password-prompt decoded-substring))
 (when save-point
 (goto-char save-point)
 (set-marker save-point nil))
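Review bot: `term-watch-for-password-prompt` calls `read-passwd` synchronously while terminal output is being handled and then calls `term-send-invisible` without a PROC argument, so the password goes to whatever process belongs to the current buffer when the minibuffer read returns. Going by the call added in `term-emulate-terminal`, this appears to run inside output processing, so the read also stalls handling of further output. The whole decoded chunk, not just the prompt line, becomes the minibuffer prompt. Deferring the read with a zero-delay timer and re-selecting the originating buffer keeps the password tied to the terminal that asked for it; the nested `when` forms can be merged at the same time.

```elisp
(defun term-watch-for-password-prompt (string)
  ;; … unchanged: docstring …
  (when (and (term-in-line-mode)
             (let ((case-fold-search t))
               (string-match comint-password-prompt-regexp string)))
    ;; Read the password outside output handling, and send it to the
    ;; buffer that produced the prompt rather than whichever is current.
    (run-at-time
     0 nil
     (lambda (buf prompt)
       (when (buffer-live-p buf)
         (with-current-buffer buf
           (term-send-invisible (read-passwd prompt)))))
     (current-buffer) string)))
```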
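Review bot: The added check in `term-emulate-terminal` runs once at the end of output handling and only looks at the last value of `decoded-substring`, so a prompt that arrives split across two chunks would not match and the password would then be typed visibly into the line-mode buffer. If, as it appears, the variable is assigned in a loop above the hunk, earlier pieces of the same output are never examined either; that part is inferred, since the function starts and ends outside the hunk. At minimum the limitation should be recorded next to the call, e.g. `;; Only the last decoded chunk is checked; a prompt split across chunks is missed.`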