bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17839: 24.4.50; read-passwd echoes password input in non-interactive

From: Glenn Morris
Subject: bug#17839: 24.4.50; read-passwd echoes password input in non-interactive sessions
Date: Tue, 24 Jun 2014 14:41:51 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) 
Sebastian Wiesner wrote:

>> Batch mode isn't designed for interaction. It uses standard I/O,
>> oblivious to who is consuming the input.
>
> In this case `read-passwd' should at least signal an error when called
> in non-interactive mode,

I think that would be overkill.

> and have a warning in its doctoring.

A notice perhaps.

> Currently it is simply insecure in non-interactive mode, and neither
> its docstring nor the Emacs Lisp manual document that the password is
> exposed when called in non-interactive mode.

It's in the manual section on minibuffer input, and in batch mode there
is no minibuffer. For example, read-file-name doesn't offer completion
in batch-mode. It doesn't provide history. ctrl-k doesn't work. Etc.
I see no point in mentioning these things in the doc-string of every
function that uses the minibuffer.

But yes, read-passwd is a slightly special case and could stand to
mention batch mode in its doc.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]