Prevent line-mode term from showing user passwords

For buffers whose mode derive from comint-mode, the user password is read from the minibuffer and it's hidden. A buffer in term-mode and line submode, instead shows the passwords. Make buffers in line term-mode to hide passwords too (Bug#30190). * lisp/term.el (term-send-invisible): Prefer the more robust `read-passwd' instead of `term-read-noecho'. (term-watch-for-password-prompt): New function. (term-emulate-terminal): Call it each time we receive non-escape sequence output. Co-authored-by: Noam Postavsky <npostavs@gmail.com>
author: Tino Calancha 2018-02-15 09:09:50 +0900
committer: Noam Postavsky 2018-07-23 08:20:07 -0400
commit: 2b70b54739a8a422aff85f0183fb69eb339c35d4 (patch)
tree: 282c47615c71006d6173d4a6eb1043e43c0a9f9a
parent: 5de444112cf19c078d4a74752a50e890233ef033 (diff)
download: emacs-2b70b54739a8a422aff85f0183fb69eb339c35d4.tar.gz
emacs-2b70b54739a8a422aff85f0183fb69eb339c35d4.zip
1 files changed, 15 insertions, 4 deletions
diff --git a/lisp/term.el b/lisp/term.el
index b7f5b0e7f20..ae451e94bd6 100644
--- a/lisp/term.el
+++ b/lisp/term.el
@@ -347,6 +347,7 @@
 (eval-when-compile (require 'cl-lib))
 (require 'ring)
 (require 'ehelp)
+(require 'comint) ; Password regexp.
 (declare-function ring-empty-p "ring" (ring))
 (declare-function ring-ref "ring" (ring index))
@@ -2283,12 +2284,10 @@ applications."
 (defun term-send-invisible (str &optional proc)
  "Read a string without echoing.
 Then send it to the process running in the current buffer.  A new-line
-is additionally sent.  String is not saved on term input history list.
+is additionally sent.  String is not saved on term input history list."
-Security bug: your string can still be temporarily recovered with
-\\[view-lossage]."
  (interactive "P") ; Defeat snooping via C-x esc
  (when (not (stringp str))
-    (setq str (term-read-noecho "Non-echoed text: " t)))
+    (setq str (read-passwd "Non-echoed text: ")))
  (when (not proc)
    (setq proc (get-buffer-process (current-buffer))))
  (if (not proc) (error "Current buffer has no process")
@@ -2297,6 +2296,16 @@ Security bug: your string can still be temporarily recovered with
    (term-send-string proc str)
    (term-send-string proc "\n")))
+;; TODO: Maybe combine this with `comint-watch-for-password-prompt'.
+(defun term-watch-for-password-prompt (string)
+  "Prompt in the minibuffer for password and send without echoing.
+Checks if STRING contains a password prompt as defined by
+`comint-password-prompt-regexp'."
+  (when (term-in-line-mode)
+    (when (let ((case-fold-search t))
+            (string-match comint-password-prompt-regexp string))
+      (term-send-invisible (read-passwd string)))))
 ;;; Low-level process communication
@@ -3152,6 +3161,8 @@ See `term-prompt-regexp'."
          (term-handle-deferred-scroll))
        (set-marker (process-mark proc) (point))
+        (when (stringp decoded-substring)
+          (term-watch-for-password-prompt decoded-substring))
        (when save-point
          (goto-char save-point)
          (set-marker save-point nil))
author	Tino Calancha	2018-02-15 09:09:50 +0900
committer	Noam Postavsky	2018-07-23 08:20:07 -0400
commit	2b70b54739a8a422aff85f0183fb69eb339c35d4 (patch)
tree	282c47615c71006d6173d4a6eb1043e43c0a9f9a
parent	5de444112cf19c078d4a74752a50e890233ef033 (diff)
download	emacs-2b70b54739a8a422aff85f0183fb69eb339c35d4.tar.gz emacs-2b70b54739a8a422aff85f0183fb69eb339c35d4.zip