buf.pl restores the scrollbuffer between "/upgrade"s by writing the
contents to a file, and reading that after the new process was spawned.
Through that file, the contents of (private) chat conversations may leak to
other users.
Careful users with a limited umask (e.g. 077) are not affected by this bug.
However, most Linux systems default to a umask of 022, meaning that files
written without further restricting the permissions are readable by any
user.
This patch sets a safer umask of 077 for the scrollbuffer dump, and will
remove the temporary file after use to further reduce the attack surface.
Additionally, it will remove any remaining temporary scrollbuffer file left
in place, like those written by previous versions of the script.
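The effect described in the commit message, as an added Perl illustration that is not code from buf.pl (the file name `scrollbuffer` and the helpers `write_dump`, `read_and_remove_dump` and `mode_of` are hypothetical). It also shows that a umask applies only when a file is created, so a dump left behind with mode 0644 keeps that mode when rewritten unless it is removed first.

```perl
# Added illustration; not code from buf.pl. Names and paths are hypothetical.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Permission bits of a file as an octal string, e.g. "0600".
sub mode_of { return sprintf '%04o', (stat $_[0])[2] & 07777 }

# Write the dump under a temporary umask of 077, then restore the old umask.
sub write_dump {
    my ($path, @lines) = @_;
    my $old = umask 0077;
    my $ok  = open(my $fh, '>', $path);
    my $err = $!;
    umask $old;                          # restore even if open() failed
    die "cannot write $path: $err\n" unless $ok;
    print {$fh} "$_\n" for @lines;
    close($fh) or die "cannot close $path: $!\n";
}

# Read the dump back and delete it so the conversation does not stay on disk.
sub read_and_remove_dump {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot read $path: $!\n";
    chomp(my @lines = <$fh>);
    close($fh);
    unlink($path) or warn "cannot remove $path: $!\n";
    return @lines;
}

my $dir  = tempdir(CLEANUP => 1);        # scratch directory for the demo
my $dump = File::Spec->catfile($dir, 'scrollbuffer');
my @chat = ('<alice> constructed private line');

umask 0022;                              # the common default described above
open(my $old_fh, '>', $dump) or die "cannot write $dump: $!\n";
print {$old_fh} "$chat[0]\n";
close($old_fh);
print 'leftover dump written under umask 022: ', mode_of($dump), "\n";

write_dump($dump, @chat);                # file already exists: mode is kept
print 'rewritten without removing it first:   ', mode_of($dump), "\n";
unlink($dump) or die "cannot remove $dump: $!\n";
write_dump($dump, @chat);                # fresh file: umask 077 applies
print 'removed first, then written:           ', mode_of($dump), "\n";

my @restored = read_and_remove_dump($dump);
printf "restored %d line(s), dump still on disk: %s\n", scalar(@restored), (-e $dump ? 'yes' : 'no');
```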