http://bugzilla.opensuse.org/show_bug.cgi?id=942810 Bug ID: 942810 Summary: kgpg editor outputs typed characters to stderr Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: All OS: openSUSE 13.2 Status: NEW Severity: Major Priority: P5 - None Component: KDE4 Applications Assignee: kde-maintainers@suse.de Reporter: jbuckingham@blueyonder.co.uk QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0 Build Identifier: I happened to run kgpg from the CLI in a konsole, and then used its editor to open an encrypted file. What I then noticed was that as I typed stuff in the editor, the characters were appearing in the konsole (numeric encoding) e.g. 65 for 'a', 66 for 'b' etc. They seemed to go to stderr. This is a security issue since kgpg is often used to stored passwords and other secrets. According to https://forums.opensuse.org/showthread.php/509249-kgpg-editor-insecure?highl...... That's actually kdelibs4's fault. It contains a debug statement in ktextedit that outputs every pressed key to stderr. The same happens when you rename a file in dolphin e.g. It has been fixed recently with the following commit: https://quickgit.kde.org/?p=kdelibs....2e5d91c7855609 If you think we should fix this in openSUSE 13.2 as well, please file a bug report. See also: https://forum.kde.org/viewtopic.php?f=223&t=127144 Reproducible: Always Steps to Reproduce: 1. run kgpg from CLI 2. open kgpg editor 3. open file from within editor 4. Observed type characters in original shell Actual Results: characters were appearing in the konsole (numeric encoding) e.g. 65 for 'a', 66 for 'b' etc. Expected Results: Nothing output to stderr or stdout. It should be a secure application -- You are receiving this mail because: You are on the CC list for the bug.