the default permissions for the tin (v 1.4.0) configuration directory allow
users to read passwords

[cazz@ruff:~]$ ls -la |grep .tin
drwxr-xr-x   7 cazz     cazz         1024 Nov 17 09:03 .tin

[cazz@ruff:~/.tin]$ ls -la .inputhistory 
-rw-rw-r--   1 cazz     cazz         8192 Nov 17 09:21 .inputhistory

if a user is using an authenticated news server, tin saves all
keystrokes typed into tin in the file ~/.tin/.inputhistory

simple solution:

rm -f ~/.tin/.inputhistory
touch ~/.tin/.inputhistory
chmod 000 ~/.tin/.inputhistory

-cazz
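
An added example, not part of the original post: POSIX shell functions that check a tin directory for the exposure shown in the listings above and then apply the workaround from the post. The function names are hypothetical, and tightening the directory itself to mode 700 is an assumption added here, beyond the three commands the post gives.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: audit_tin_dir [dir]   /   harden_tin_dir [dir]   (dir defaults to ~/.tin)

# Print one finding per line; return 1 if anything is exposed, 0 otherwise.
audit_tin_dir() {
    dir=${1:-"$HOME/.tin"}
    hist="$dir/.inputhistory"
    rc=0
    [ -d "$dir" ] || return 0

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Any bit set on the directory lets other accounts list or enter it.
    dmode=$(ls -ld "$dir" | cut -c5-10)
    if [ "$dmode" != "------" ]; then
        echo "EXPOSED dir  $dir (group/other bits: $dmode)"
        rc=1
    fi

    # Characters 5 and 8 are the group-read and other-read bits of the file.
    if [ -f "$hist" ]; then
        fmode=$(ls -ld "$hist" | cut -c5,8)
        if [ "$fmode" != "--" ]; then
            echo "EXPOSED file $hist (group/other read: $fmode)"
            rc=1
        fi
    fi
    return $rc
}

# Apply the post's workaround (rm, touch, chmod 000) to the history file.
# Assumption added here: the directory is also restricted to its owner.
harden_tin_dir() {
    dir=${1:-"$HOME/.tin"}
    chmod 700 "$dir" || return 1
    rm -f "$dir/.inputhistory"
    # umask keeps the new file private between touch and chmod.
    ( umask 077; touch "$dir/.inputhistory" ) || return 1
    chmod 000 "$dir/.inputhistory"
}
```
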
