From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-users-return-15753-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 12422 invoked by alias); 1 Feb 2011 22:05:56 -0000
Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Users List <zsh-users.zsh.org>
List-Post: <mailto:zsh-users@zsh.org>
List-Help: <mailto:zsh-users-help@zsh.org>
X-Seq: 15753
Received: (qmail 25558 invoked from network); 1 Feb 2011 22:05:54 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
Received-SPF: pass (ns1.primenet.com.au: SPF record at _spf.google.com designates 209.85.212.43 as permitted sender)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-type;
        bh=bt3uD4ee5H0Y3go3wiVR/Dgkmu6sTLBZNpCkf/QbNCM=;
        b=yIDMEK3S10yFEROjTBIHN67nAa3duEPK84Jta6vcMzKYzlYKcS4ZIrWjdeTiejDwc7
         ORO4aCmvlqlXCm71/yoBd4XML2BTKXD8WqIjRW2hE0ElJrSrG5KFaexePW87bE5p23zJ
         aMSFP3yCOzG3NImd1C0LdpwivU66a/PXLoncY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type;
        b=vXZXAKxxfmAPPxhRTue9Wy+zmQyCm9oKxF/Q7u5DtcjLO3LgTeZAnTU5t1CKEgPL+d
         AhBuT4Jay0Wzx5bE0g+8G68sAIrCtttExLgSGS00M/qasr2mLtUEq4NkVjhDwIu2K3jn
         V3ix7hzlI4JCDyknGgboUT4b+xqQd9RyXKwt0=
MIME-Version: 1.0
In-Reply-To: <AANLkTik-C+PD67k2FTySFCfpcZe4yTfDTWwRWp9DaB5A@mail.gmail.com>
References: <AANLkTi=vmDkSaef2r-gaMK=6en=EYyCsWbVppRsPwF5r@mail.gmail.com> <AANLkTik-C+PD67k2FTySFCfpcZe4yTfDTWwRWp9DaB5A@mail.gmail.com>
From: Julien Nicoulaud <julien.nicoulaud@gmail.com>
Date: Tue, 1 Feb 2011 22:59:27 +0100
Message-ID: <AANLkTikajPjd=r1CSrZnPCLnNFMS-y7KX1TKskQVvv1X@mail.gmail.com>
Subject: Re: Commands with passwords as options
To: Mikael Magnusson <mikachu@gmail.com>
Cc: zsh-users <zsh-users@zsh.org>
Content-Type: multipart/alternative; boundary=0016364eee18a7022a049b3fa698

--0016364eee18a7022a049b3fa698
Content-Type: text/plain; charset=ISO-8859-1

OK, but at least it is hidden from the shell "UI". Take it as
"man-looking-over-your shoulder" protection :-) For example you show
something to  someone, you do a backward history search and a command with a
clear text password you forgot to exclude from history pops out...

2011/2/1 Mikael Magnusson <mikachu@gmail.com>

> On 1 February 2011 22:15, Julien Nicoulaud <julien.nicoulaud@gmail.com>
> wrote:
> > Some commands take passwords as option values, which is not very
> secure... I
> > was wondering if there is some way to handle that, for example through a
> > custom completer. Ideally, I here is how it should behave:
> >  - When reaching an option which expected value is a password, prompt for
> it
> > and read it from stdin
> >  - Do not display it in the buffer (just replace it with "XXXX" for
> example)
> >  - When accepting the buffer, replace the displayed buffer with the real
> one
> >  - Save the displayed buffer in the history rather than the real one
> >
> > Does anyone have an idea on how to achieve this ?
>
> That doesn't actually achieve anything, the password is still visible
> in /proc/<pid>/cmdline.
>
> --
> Mikael Magnusson
>

--0016364eee18a7022a049b3fa698--