COMMAND

    tin/rin

SYSTEMS AFFECTED

    All Unix Systems running old tin/rin

PROBLEM

    Tin/rin  is  unix  NEWS  reader.   When  a  user  run  rtin/tin  a
    user-list will be created in /tmp/.tin_log with mode 0666. and  if
    a  user  makes  a  symlink  from  /etc/passwd  (or  any  file)  to
    /tmp/.tin_log and root or another  user with uid 0 runs  rtin/tin,
    tin will follow the symlink to /etc/passwd and change the mode  to
    0666.

SOLUTION

    Since this is an  old problem, to fix  add or change this  line in
    Makefile:

        COPTS = -c -O -DDONT_LOG_USER

    and recompile rtin/tin package or simply install a new unofficial
    patched version of tin:

        ftp://ftp.akk.uni-karlsruhe.de/pub/news/clients/tin-unoff/

    where the logging 'feature' was removed in version 960914.