tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file.Referenceshttp://marc.info/?l=bugtraq&m=94286179032648&w=2
