#3948: Please add a hook called just before sendmail invocation
--------------------------+----------------------
Reporter: tpikonen | Owner: mutt-dev
Type: enhancement | Status: reopened
Priority: minor | Milestone:
Component: mutt | Version:
Resolution: | Keywords:
--------------------------+----------------------
Comment (by vinc17):
Replying to [comment:10 kevin8t8]:
> If this truly is a security issue,
Perhaps not for most users, but who knows... It might also be used in
combination with some more serious flaw. Injecting data to the environment
(here, this includes programs to view attachments) is bad practice when
this is not useful.
> I will be glad to revert 02ff4277259e. However, I need a better
explanation why this is so. The description "uselessly more complex" is
hyperbole, since the changeset simply moved 5 lines of code from
pgp_use_gpg_agent() to mutt_init().
The previous code was not necessary, IMHO, if not broken in specific
cases. The recommended way to set {{{GPG_TTY}}} is from the shell
initialization file. This should be OK for most users. Users with specific
needs can choose some alternative way. But if Mutt sets {{{GPG_TTY}}},
this can be in their way. I also suppose that some users might want to set
{{{GPG_TTY}}} to a different terminal (e.g. with more security features
such as "secure keyboard" to type their passphrase, if the current
terminal doesn't support that), and if Mutt sets {{{GPG_TTY}}} to the
current terminal on its side, this is also bad.
> The user can not set GPG_TTY inside the $sendmail script because STDIN
is already remapped by mutt.
Here we are in the case of advanced users, with specific needs. If this is
a fixed terminal, it is possible. The name of the current terminal can
also be retrieved in alternative ways.
> As you say, they can put it in their interactive shell startup script.
They could have done this too when using the ncurses pinentry with mutt
for gpg operations. I assume mutt set it for them to make things easier,
and that was also the intent of this change.
Then this should be set '''only''' for gpg operations (and there should be
an option to disable that, in case the user wants to use a different
terminal). Otherwise this is wrong in case the user chooses to start a
terminal from Mutt (something like {{{!xterm&\r}}}, possibly implemented
as some macro): this terminal would have {{{GPG_TTY}}} set to Mutt's
terminal!
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3948#comment:11>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
