Password Security in Emacs Terminal Emulators

aurellem

Written by:

Robert McIntyre

I use emacs for everything – email, programming, document preparation, planning… You name it, I do it! One thing which I use emacs for is terminal emulation, which is where you create a buffer in emacs where you can enter commands as if the buffer were a terminal. Good terminal emulation packages for emacs include multi-term and term.

1 Watch Out for view-lossage!

However, if you are going to use terminal emulation in emacs, you have to be careful around "sudo" prompts and when logging into other servers using ssh. The last 300 keystrokes you have typed in emacs, passwords included, are available using C-h l, a help command which displays your most recent keypresses.

C-h l runs the command view-lossage, which is an interactive compiled
Lisp function in `help.el'.

It is bound to C-h l, <help> l.

(view-lossage)

Display last 300 input keystrokes.

Let's say my password is "sup3r-seekrit#7".

I open an emacs terminal using M-x multi-term, then do the following:

[~] $ ssh rlm@linerva.mit.edu
Password: 

Welcome to Linerva, the SIPB Linux dialup for MIT.
Linerva runs Debathena on Debian squeeze.
 http://linerva.mit.edu                           for more information
 blanche linerva-announce -a $USER          # for outage announcements
 linerva@mit.edu              (not IS&T) for questions and bug reports

Last login: Mon Mar  4 12:53:23 2013 from ella.csail.mit.edu
rlm@dr-wily:~$ exit
logout
Connection to linerva.mit.edu closed.

Now, when I type C-h l, I can see this:

s s h SPC r l m @ l i n e r v a . m i t . e d u <return>
s u p 3 r - s e e k r i t # 7 <return> e x i t C-h l

Needless to say, this can be a security vulnerability.

2 Solutions to this problem

  • If you don't ever type your password into an emacs terminal buffer, then you are not at risk. This can be accomplished by using ssh keyfiles or Kerberos for connecting to remote servers, and by enabling passwordless sudo.
  • You can disable emacs keylogging, though you then won't be able to use the view-lossage command anymore.
  • If there's no way for an attacker to get into your emacs process, then your passwords are safe. Still, you run the risk of someone physically near your computer using this method to view your password, as well as inadvertently exposing your password when showing someone what view-lossage does!
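
A middle ground between the first two options, as an added example that is not part of the original post: rather than disabling the recorder, wipe the record that view-lossage reads. The `my/` command names are hypothetical; `clear-this-command-keys`, `read-passwd`, `clear-string` and `process-send-string` are standard Emacs functions.

```emacs-lisp
;;; Added example, not from the original post.
;;; The my/ names are hypothetical; everything they call ships with Emacs.

(defun my/forget-keystrokes ()
  "Erase the keystroke record that `view-lossage' (C-h l) displays."
  (interactive)
  ;; Called with no argument, `clear-this-command-keys' also empties
  ;; the vector returned by `recent-keys', which is what C-h l prints.
  (clear-this-command-keys)
  (message "Keystroke record cleared"))

(defun my/term-send-password ()
  "Read a password in the minibuffer and send it to this buffer's process.
The keystroke record is wiped before returning, so the password
never shows up in `view-lossage'."
  (interactive)
  (let ((proc (get-buffer-process (current-buffer)))
        (password nil))
    (unless (process-live-p proc)
      (user-error "No live process in this buffer"))
    (unwind-protect
        (progn
          (setq password (read-passwd "Password: "))
          ;; Send the newline separately so no second copy of the
          ;; password is created by `concat'.
          (process-send-string proc password)
          (process-send-string proc "\n"))
      ;; Runs even if the read is aborted with C-g: overwrite the
      ;; string in memory, then drop every recorded key.
      (when password (clear-string password))
      (clear-this-command-keys))))
```

Run `M-x my/term-send-password` at the "Password:" prompt instead of typing into the terminal buffer, or `M-x my/forget-keystrokes` right after typing a password directly. Neither command touches a dribble file started with `open-dribble-file`, which logs keys to disk separately.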

3 Source Listing

Author: Robert McIntyre

Created: 2016-07-13 Wed 00:17

Emacs 24.5.1 (Org mode 8.3beta)
