--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable the default permissions for the tin (v 1.4.0) configuration directory allows users to read passwords [cazz@ruff:~]$ ls -la |grep .tin drwxr-xr-x 7 cazz cazz 1024 Nov 17 09:03 .tin [cazz@ruff:~/.tin]$ ls -la .inputhistory=20 -rw-rw-r-- 1 cazz cazz 8192 Nov 17 09:21 .inputhistory if a user is using an authenticated news server, tin saves all keystrokes typed into tin in the file ~/.tin/.inputhistory simple solution,=20 rm -f ~/.tin/.inputhistory touch ~/.tin/.inputhistory chmod 000 ~/.tin/.inputhistory -cazz --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4MsKlac/1Eph0QDwRARwCAKCCNw4qz3AuHhd3l0zG8Ltdb3pjLwCcDpHx eOyO8FOIlwOZITXbHUql05w= =a8NO -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:02 PDT