inb4 the first discovery of a program which "doesn't log plain text passwords" by logging them with the foreground colour set to the background color.

And then the one which exploits a terminal for arbitrary command execution with a buffer overflow in the VT escape code parser. Wait, what am I talking about "inb4", that happened already and it didn't even need a buffer overflow: https://www.proteansec.com/linux/blast-past-executing-code-t...

> "mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator."