Secure fields show using grep

[trevren11]

If you try to run a command and grep the output and the action requires a password, the password field is no longer hidden

Example:

>>>>  randomCommand | grep SHA1
Enter keystore password:  SHOWSPASSWORD
         SHA1: some output
         Signature algorithm name: SHA1withDSA

Should be:

>>>>  randomCommand | grep SHA1
Enter keystore password: 
         SHA1: some output
         Signature algorithm name: SHA1withDSA

[DHowett]

It looks like the issue might be in printing escapes (like tty echo off) to stderr. They may be ending up piped to grep instead.

[stehufntdev]

Thanks for reporting the issue, can you please provide the repro that you tried? Locally I changed my password to secret and I didn't see the password printed out:

root@TEST-6:/mnt/c/Users/Test/AppData/Local/lxss# passwd | grep secret
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

[trevren11]

I am using this command.I am developing with Android using the Java keytool.

C:\Program Files\Java\jdk1.8.0_91\bin>keytool -exportcert -list -v -alias tester -keystore C:\Users\user\.keystore\test | grep SHA1
Enter keystore password:  password
         SHA1: AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
         Signature algorithm name: SHA1withDSA

[benhillis]

I tried this locally and I'm not seeing secure fields in grep when using "sudo." There hasn't been activity on this thread in some time so I'm closing it out.