#3948: Please add a hook called just before sendmail invocation
--------------------------+----------------------
  Reporter:  tpikonen     |      Owner:  mutt-dev
      Type:  enhancement  |     Status:  reopened
  Priority:  minor        |  Milestone:
 Component:  mutt         |    Version:
Resolution:               |   Keywords:
--------------------------+----------------------
Changes (by kevin8t8):

 * status:  closed => reopened
 * resolution:  fixed =>

Comment:

 If this truly is a security issue, I will be glad to revert 02ff4277259e.
 However, I need a better explanation why this is so.

 The description "uselessly more complex" is hyperbole, since the changeset
 simply moved 5 lines of code from pgp_use_gpg_agent() to mutt_init().

 Previously, the GPG_TTY environment variable was set in
 pgp_use_gpg_agent(). Once set, the environment variable was exported to
 '''all''' subsequent programs launched by mutt. If there was a security
 issue, it seems mutt should have taken care to remove the environment
 variable after its use by pgp/gpg.

 The user can not set GPG_TTY inside the $sendmail script because STDIN is
 already remapped by mutt. As you say, they can put it in their interactive
 shell startup script. They could have done this too when using the ncurses
 pinentry with mutt for gpg operations. I assume mutt set it for them to
 make things easier, and that was also the intent of this change.

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3948#comment:10>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
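
The inheritance behaviour discussed in the comment above, as an added example that is not part of the original ticket and is not mutt's code: a parent exports GPG_TTY once, a child whose stdin has been remapped to a pipe cannot detect a terminal itself but still inherits the variable, and unsetting it in the parent stops later children from seeing it. The names `run_child` and `export_gpg_tty`, the use of `ttyname()` to obtain the terminal name, and the fallback path are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STDIN_CHECK "if [ -t 0 ]; then echo terminal; else echo 'not a tty'; fi"
#define SHOW_VAR    "printf '%s\\n' \"${GPG_TTY:-unset}\""

/* Run `sh -c script` with stdin remapped to a pipe; return its first output line. */
static const char *run_child(const char *script)
{
    static char out[256];
    int in[2], res[2];
    pid_t pid;
    if (pipe(in) != 0 || pipe(res) != 0 || (pid = fork()) < 0) return "spawn-error";
    if (pid == 0) {
        dup2(in[0], STDIN_FILENO);   /* child stdin is no longer the terminal */
        dup2(res[1], STDOUT_FILENO); /* capture what the child prints */
        close(in[0]); close(in[1]); close(res[0]); close(res[1]);
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);
    }
    close(in[0]); close(in[1]); close(res[1]);
    ssize_t n = read(res[0], out, sizeof out - 1);
    close(res[0]);
    waitpid(pid, NULL, 0);
    out[n > 0 ? n : 0] = '\0';
    out[strcspn(out, "\n")] = '\0';
    return out;
}

/* Parent-side step: export the terminal name; every later child inherits it. */
static const char *export_gpg_tty(void)
{
    const char *tty = ttyname(STDIN_FILENO);
    setenv("GPG_TTY", tty ? tty : "/dev/pts/constructed", 1); /* constructed fallback */
    return getenv("GPG_TTY");
}

int main(void)
{
    printf("parent exports GPG_TTY=%s\n", export_gpg_tty());
    printf("child stdin:    %s\n", run_child(STDIN_CHECK));
    printf("child GPG_TTY:  %s\n", run_child(SHOW_VAR));
    unsetenv("GPG_TTY"); /* scope it: drop the variable once it is no longer needed */
    printf("after unsetenv: %s\n", run_child(SHOW_VAR));
    return 0;
}
```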