When I'm prompted for a password while accessing a remote directory
using TRAMP in Emacs, sometimes the password isn't hidden (i.e. periods
aren't echoed in the minibuffer, but the actual password is echoed
instead).
I ran the Emacs Lisp debugger in the minibuffer while this happened and
it gave me the following:
Debugger entered: nil
...
read-string("Password for /method:username@hostname: " nil t nil)
read-passwd("Password for /method:username@hostname: ")
password-read("Password for /method:username@hostname: "
"/method:username@hostname:")
...
When I looked at the function definitions, the definition for
read-passwd in subr.el stood out:
(defun read-passwd (prompt &optional confirm default)
"Read a password, prompting with PROMPT, and return it.
If optional CONFIRM is non-nil, read the password twice to make sure.
Optional DEFAULT is a default password to use instead of empty input.
This function echoes `.' for each character that the user types.
Once the caller uses the password, it can erase the password
by doing (clear-string STRING)."
(if confirm
(let (success)
(while (not success)
(let ((first (read-passwd prompt nil default))
(second (read-passwd "Confirm password: " nil default)))
(if (equal first second)
(progn
(and (arrayp second) (clear-string second))
(setq success first))
(and (arrayp first) (clear-string first))
(and (arrayp second) (clear-string second))
(message "Password not repeated accurately; please start over")
(sit-for 1))))
success)
(let ((hide-chars-fun
(lambda (beg end _len)
(clear-this-command-keys)
(setq beg (min end (max (minibuffer-prompt-end)
beg)))
(dotimes (i (- end beg))
(put-text-property (+ i beg) (+ 1 i beg)
'display (string ?.)))))
minibuf)
(minibuffer-with-setup-hook
(lambda ()
(setq minibuf (current-buffer))
;; Turn off electricity.
(setq-local post-self-insert-hook nil)
(setq-local buffer-undo-list t)
(setq-local select-active-regions nil)
(use-local-map read-passwd-map)
(add-hook 'after-change-functions hide-chars-fun nil 'local))
(unwind-protect
(let ((enable-recursive-minibuffers t))
(read-string prompt nil t default)) ; t = "no history"
(when (buffer-live-p minibuf)
(with-current-buffer minibuf
;; Not sure why but it seems that there might be cases where the
;; minibuffer is not always properly reset later on, so undo
;; whatever we've done here (bug#11392).
(remove-hook 'after-change-functions hide-chars-fun 'local)
(kill-local-variable 'post-self-insert-hook)
;; And of course, don't keep the sensitive data around.
(erase-buffer))))))))
I don't know Lisp, so I'm not sure precisely what's causing this.
The good news is that the bug happens predictably. The instructions for
reproducing the bug are below. It works for both emacs-X11 and
emacs-w32, both run with the -q flag. However, the bug disappears if run
with the -Q flag.
1) Run "emacs-w32 -q" or "emacs-X11 -q" in bash.
2) Type "C-x d" for the "dired" command.
3) Type "/username@hostname:~/" at the Dired prompt. Don't omit the
forward slash after the tilde -- omitting the forward slash makes the
bug disappear.
4) Type <RET> and wait for the password prompt.
5) Type in the password, type <RET> and wait for the Dired buffer to
load. The minibuffer should echo periods properly.
6) Type "C-x C-c" to exit Emacs.
7) Run "emacs-w32 -q" or "emacs-X11 -q" in bash. This does not have to
be same version of Emacs as run in Step 1 -- using the other version
will still produce the bug.
8) Type "C-x d" for the "dired" command.
9) Type "/username@hostname:~/" at the Dired prompt, exactly the same
string as used in Step 3.
10) Type <RET> and wait for the password prompt.
11) Begin typing. The bug should appear, with the minibuffer echoing the
password instead of periods.
Avoid typos when typing at the Dired prompt. I'm not sure whether it
really matters, but I haven't tested whether typos affect reproducibility.
The output of cygcheck -s -v -r, with identifying information redacted,
has already been uploaded to the mailing list here:
http://cygwin.com/ml/cygwin/2013-11/msg00303.html
Cheers,
SDS
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
