Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Fix disclosure via filesystem
buf.pl restores the scrollbuffer between "/upgrade"s by writing the contents to a file, and reading that after the new process was spawned. Through that file, the contents of (private) chat conversations may leak to other users. Careful users with a limited umask (e.g. 077) are not affected by this bug. However, most Linux systems default to a umask of 022, meaning that files written without further restricting the permissions, are readable by any user. This patch sets a safer umask of 077 for the scrollbuffer dump, and will remove the temporary file after use to further reduce the attack surface. Additionally, it will remove any remaining temporary scrollbuffer file left in place, like those written by previous versions of the script.
- Loading branch information
Showing
1 changed file
with
28 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters