Re: master 739593d 3/5: Make gnus-copy-file act like copy-file etc.

[Lars Ingebrigtsen]

Paul Eggert <address@hidden> writes:

> It's an area where convenience and security collide.

What are the security implications of writing the file to the directory
if the user (interactively) types in that directory name?

> As a simple and dumb example, if people have "/ t m p RET" hardwired
> into their fingers, we could make an exception for "/tmp" without
> losing security. On real-world hosts the security problem can occur
> for subsidiary directories of /tmp, but not for /tmp itself.

The user can type anything, like "/home/larsi" and "/var/tmp" and the
behaviour should be the same across directories.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no