Disable local echo display with input passwords in linux#33
@ip7z Can we please get this merged? If any changes are required please point them out and I will try to help out. Note that recently Arch switched from p7zip (which did not have this issue) to this repo as upstream source, leading to way more affected users.
@ip7z: What do you think about this PR?
This is needed on Fedora too - it's still affected as of version 25.01. Please consider merging or provide feedback as to what needs to be improved.
This initial work adds the -pfd[N] flag to the 7z command so that an
alternate file descriptor (fd) may be specified for reading the password
instead of standard input (stdin).
By adding this flag it becomes possible for 7z to accept data from stdin
for use with the -si flag while also being able to decrypt a
password protected archive without revealing the password on the
command line.
For example, generating a secret key and storing it in an encrypted archive
without the need to expose any of the data to a filesystem:
age-keygen | 7z -pfd9 9< <(pass show archive) -siid.age a archive.7z
As a side effect the password is not echoed to the terminal, however
this PR should not conflict with the work in ip7z#33.
This initial work adds the -pfd[N] flag to the 7z command so that an
alternate file descriptor (fd) may be specified for reading the password
instead of standard input (stdin).
By adding this flag it becomes possible for 7z to accept data from stdin
for use with the -si flag while also being able to decrypt a
password protected archive without revealing the password on the
command line.
For example, generating a secret key and storing it in an encrypted archive
without the need to expose any of the data to a filesystem:
age-keygen | 7z a -pfd9 9< <(pass show archive) -siid.age archive.7z
As a side effect the password is not echoed to the terminal, however
this PR should not conflict with the work in ip7z#33.
Note that the -p flag is necessary if the archive does not exist but
should not be used if it does.
gyurix left a comment
Best of password-masking proposals so far. Small diff, limited scope, and much less churn than PR #112.
One minor portability nit: #ifdef unix is weaker than checking explicit Unix/Linux macros, and code should still fall back cleanly when stdin is not a tty.
LGTM overall.
Merge readiness: 8/10. Before merge: tighten platform macro and add one small non-Windows regression test if possible.
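The behaviour discussed in this thread (no echo on a terminal, a clean fallback when the descriptor is not a tty, and reading the password from a descriptor other than stdin) can be sketched as follows. This is an added example, not code from the PR or from 7-Zip; `read_password_fd` and `demo_pipe` are hypothetical names, and the sample input is constructed.

```c
#include <errno.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (not 7-Zip code): read one line from fd into buf.
   Echo is switched off only if fd is a terminal; pipes and files are read
   unchanged. Returns the length, or -1 on error, empty EOF or overflow. */
int read_password_fd(int fd, char *buf, size_t cap)
{
    struct termios saved, quiet;
    int is_tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    size_t n = 0; int status = 0; char c;

    if (cap == 0) return -1;
    if (is_tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;   /* do not echo typed characters */
        quiet.c_lflag |= ECHONL;            /* but still echo the final newline */
        if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0) return -1; /* fail closed */
    }
    for (;;) {
        ssize_t r = read(fd, &c, 1);  /* byte-wise: never consume past the line */
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) { if (r < 0 || n == 0) status = -1; break; }
        if (c == '\n') break;
        if (n + 1 >= cap) { status = -1; break; }  /* reject, do not truncate */
        buf[n++] = c;
    }
    if (is_tty) tcsetattr(fd, TCSAFLUSH, &saved);  /* always restore the terminal */
    if (status != 0) { memset(buf, 0, cap); return -1; }
    buf[n] = '\0';
    return (int)n;
}

/* Feeds constructed input through a pipe, i.e. the non-tty path. */
int demo_pipe(const char *input, char *out, size_t cap)
{
    int p[2], n;
    if (pipe(p) != 0) return -1;
    if (write(p[1], input, strlen(input)) < 0) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);
    n = read_password_fd(p[0], out, cap);
    close(p[0]);
    return n;
}

int main(void) { char pw[64]; return demo_pipe("s3cret\n", pw, sizeof pw) == 6 ? 0 : 1; }
```

A production version would also restore the terminal state from a signal handler, so that an interrupt during entry does not leave echo disabled.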
@gyurix I don't have cycles to implement these changes - are you or a maintainer able to make the 8>10 changes?
I am just trying to help you with this review, applying the suggested changes or not is up to you, 8/10 is a great enough score already ;)
https://salsa.debian.org/debian/7zip/-/commit/7b5e9a72d4579b875906134943fb9590cf165d73
close #10