Bugtraq mailing list archives
default permissions for tin
From: cazz () RUFF CS JMU EDU (Brian)
Date: Wed, 17 Nov 1999 09:58:45 -0500
the default permissions for the tin (v 1.4.0) configuration directory allows users to read passwords [[cazz@ruff:~]$ ls -la |grep .tin drwxr-xr-x 7 cazz cazz 1024 Nov 17 09:03 .tin [[cazz@ruff:~/.tin]$ ls -la .inputhistory -rw-rw-r-- 1 cazz cazz 8192 Nov 17 09:21 .inputhistory if a user is using an authenticated news server, tin saves all keystrokes typed into tin in the file ~/.tin/.inputhistory simple solution, rm -f ~/.tin/.inputhistory touch ~/.tin/.inputhistory chmod 000 ~/.tin/.inputhistory -cazz <!-- attachment="bin0a21253" --> <HR> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- default permissions for tin Brian (Nov 17)