COMMAND

    tin

SYSTEMS AFFECTED

    unices

PROBLEM

    Brian Cazz found following.   The default permissions for the  tin
    (v 1.4.0) configuration directory allows users to read passwords.

        [cazz@ruff:~]$ ls -la |grep .tin
        drwxr-xr-x   7 cazz     cazz         1024 Nov 17 09:03 .tin

        [cazz@ruff:~/.tin]$ ls -la .inputhistory
        -rw-rw-r--   1 cazz     cazz         8192 Nov 17 09:21 .inputhistory

    If a  user is  using an  authenticated news  server, tin saves all
    keystrokes typed into tin in the file ~/.tin/.inputhistory.

SOLUTION

    It's simple:

        rm -f ~/.tin/.inputhistory
        touch ~/.tin/.inputhistory
        chmod 000 ~/.tin/.inputhistory