Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the ~/.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or other...