On Sun, Sep 08, 2013 at 01:47:39AM +1000, Erik Christiansen wrote: > Yes, that is what I (perhaps too briefly) alluded to in the paragraph > quoted above. Writing to that tmp file is entirely under editor control, > with mutt providing only a temporary filename and a transparent pipe.
And in so doing it exerts control over that process; moreover it does all this with one purpose in mind: creating an e-mail message. Your editor generally neither knows nor cares about that fact, but it is an important one to the overall process. > I assumed, apparently incorrectly, that something which might provide > immediate draft file security would be welcome enough to be worth > examining. It's worth examining. But it depends on a feature in your editor which likely does not exist (unless you happen to pick one that has it--and many people detest vi/vim/emacs). Perhaps a better way to do this would be for Mutt to provide the editor a named pipe, and then read the file from that rather than an on-disk temp file. But as this temp file should normally be very short-lived (there's really no good reason to write it out manually as you did in your example), the risk of leaking the data is minimal. And if the user really is concerned about someoene stealing the disk and getting at the deleted clear text, then they probably should indeed use full disk encryption (or something like it). But that is a decision that should be left to the user. But none of this substantially affects whether Mutt should encrypt postponed messages. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgpBy_v27OY0y.pgp
Description: PGP signature