On 2012-05-02 13:24, Urs Janßen wrote:
| as using -D has some security issues:
|
| | SECURITY
| | When tin is started in debug mode (’’-D n’’) it will create world read‐
| | able files in $TMPDIR which may contain the users NNTP password in
| | cleartext. On multiuser-systems $TMPDIR should be set to a safe loca‐
| | tion before starting tin in debug mode (e.g. TMPDIR=$HOME tin -D 1).
|
| the default is to disable -D at compile time. If tin wouldn't use $TMPDIR
| but i.e. ${TIN_HOMEDIR:-"$HOME"} or the like as default localtion this
| wouldn't be an issue, unfortunately $TMPDIR (or even hardcoded /tmp) was
| choosen about 20 years ago and I don't like to change the "well known"
| location of files...
As security is in today's world quite important, this would be a good
chance to change the default to use ${TIN_HOMEDIR:-"$HOME"}. I'm sure
the users will understand the minor update; probably many won't even
notice as -D is needed only in exceptional cases.
Jari
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
