Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-1069

Support disabling echo input in new shell

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Help Wanted
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 19.0, 20.0, 21.0, 22.0
    • Fix Version/s: None
    • Component/s: stdlib
    • Labels:
      None

      Description

      Currently disabling input echo is only supported in the new shell. This prevents getting sensitive information at runtime in an escript (or similar) problematic. Currently in rebar3_hex and mix/hex we are clearing the input ever 1ms and while this works it is obviously not an ideal solution/situation security wise and at the very least leads to bad UX.

      We did have a solution in rebar3_hex that worked for most platforms but bugs arose with it. Namely, opening up a tty_sl port does the job but subsequent io:get_line/1 calls never return after receiving input (seemingly). It is not 100% clear if this work-around is in fact a bug, so I did not open a bug report for it in favor of this is one feature request. Can gladly do so if that is what should be done.

      Please find below a way to reproduce this behavior:

      #!/usr/bin/env escript
      %% -*- erlang -*-
      %%! -noshell -boot
      %%
      main(_) ->
          erlang:display({echo_off_support, io:setopts([{echo, false}])}),
      
          %% So we do a hack with tty_sl, which works but with a side effect that
          %% results in no subsequent calls able to return from an io:get_line/1 call
          Msg = <<"Enter your foo : ">>,
          error_logger:tty(false),
          Port = open_port({spawn, "tty_sl -e"}, [binary, eof]),
          port_command(Port, <<0, Msg/binary>>),
          receive
            {Port, {data, PwLine}} ->
                   [Pw | _] = binary:split(PwLine, <<"\n">>),
                   port_command(Port, <<0, $\n>>),
                   port_close(Port),
                  error_logger:tty(true),
                  Pw
          end,
        io:get_line(<<"Enter your bar : ">>),
        erlang:display("We'll never make it here :("),
        halt(1).
      

        Attachments

          Activity

            People

            Assignee:
            otp_team_vm Team VM
            Reporter:
            starbelly Bryan Paxton
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: