On Sat, Oct 23, 2021 at 02:04:08PM +0200, Vincent Lefevre wrote:
> On 2021-10-22 10:30:43 -0700, Kevin J. McCarthy wrote:
> > On Fri, Oct 22, 2021 at 12:51:04PM +0200, Vincent Lefevre wrote:
> > > Following my remark about the privacy reason, I think that the patch
> > > would be useful to make sure that data are not silently left on the
> > > alternate screen (which is no longer visible after quitting Mutt,
> > > but can be retrieved at least in xterm with its menus, and possibly
> > > via escape sequences I think).
> > 
> > I don't feel _strongly_ against the patch, but absent a real threat model
> > I'm still not convinced it belongs inside Mutt.
> > 
> > After 25 years of this behavior, is clearing the alternate screen really now
> > a security or privacy issue; against an attacker who evidently has access to
> > your terminal?
> 
> There might still be a possibility to have the contents printed via
> escape sequences, e.g. with some shell command. For instance, what
> happened to me in the past:
> 
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301989
> 
> (FYI, the data were sent on a *shared* printer in my lab).

There is an ANSI escape sequence to tee data to your printer, sure...
but it can not be used to retroactively copy data that is on your
terminal to the printer.  It just copies data that is currently being
displayed (i.e. since the sequence was emitted) to the printer.

I think the notion that this is a privacy/security concern is nuts.
In the unlikely scenario you left something sensitive on your terminal
window when you exited mutt, and you're *really* that paranoid, clear
the screen from your terminal's menu before leaving it, or close your
terminal window.  If you leave your computer unattended and unlocked,
giving random passers-by access to your terminals, THAT, not this, is
the security issue.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

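
An added example, not part of the message above and not code from Mutt: a filter that removes Media Copy control sequences (CSI ... i, the family the printer-tee sequence mentioned in the thread belongs to) from untrusted text before it is written to a terminal. The name strip_media_copy and the SAMPLE string are constructed for illustration.

```python
import re

# Media Copy (MC) control sequences: CSI, optional parameter bytes
# (0x30-0x3F, which covers digits, ';' and the private marker '?'),
# then the final byte 'i'. CSI is either ESC [ or the C1 character U+009B.
_MC = re.compile(r"(?:\x1b\[|\x9b)[0-?]*i")

# Constructed sample: a header line carrying the 7-bit and 8-bit forms,
# followed by U+011B + "i", which must survive untouched.
SAMPLE = "Subject: report\x1b[5i secret \x1b[4i done \x9b?5i\u011bi"


def strip_media_copy(text):
    """Return (cleaned_text, removed); removed lists each MC sequence found.

    Works on decoded text, so a UTF-8 continuation byte 0x9B inside a
    multi-byte character is never mistaken for the 8-bit CSI.
    """
    removed = []

    def _drop(match):
        removed.append(match.group(0))
        return ""

    # Repeat until stable: deleting one sequence can splice the text
    # around it into a new one ("\x1b[" + <removed> + "5i").
    while True:
        cleaned = _MC.sub(_drop, text)
        if cleaned == text:
            return cleaned, removed
        text = cleaned


if __name__ == "__main__":
    cleaned, removed = strip_media_copy(SAMPLE)
    print(repr(cleaned))
    print([repr(seq) for seq in removed])
```

Other control sequences, such as SGR colour codes, pass through unchanged; only sequences ending in the MC final byte are dropped.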