On 2021-10-22 10:30:43 -0700, Kevin J. McCarthy wrote: > On Fri, Oct 22, 2021 at 12:51:04PM +0200, Vincent Lefevre wrote: > > Following my remark about the privacy reason, I think that the patch > > would be useful to make sure that data are not silently left on the > > alternate screen (which is no longer visible after quitting Mutt, > > but can be retrieved at least in xterm with its menus, and possibly > > via escape sequences I think). > > I don't feel _strongly_ against the patch, but absent a real threat model > I'm still not convinced it belongs inside Mutt. > > After 25 years of this behavior, is clearing the alternate screen really now > a security or privacy issue; against an attacker who evidently has access to > your terminal?
There might still be a possibility to have the contents printed via escape sequences, e.g. with some shell command. For instance, what happened to me in the past: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301989 (FYI, the data were sent on a *shared* printer in my lab). The same kind of issue could theoretically still occur, though this should be very rare. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
