GNU nano
cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*
- < 9.0
A vulnerability exists in GNU nano versions from 2.9.1 up to, but not including, 9.0, where the application creates the user's ~/.local directory with overly permissive permissions. When the directory is first created for Cross-Desktop Group (XDG) data storage, nano requests mode 0777, so the process umask is the only thing that narrows the resulting permissions. This is particularly problematic in environments with a relaxed or zero umask, such as container environments, CI/CD runners, embedded systems, or user shells with umask 000. In these cases, the ~/.local directory becomes world-writable, allowing local attackers to exploit a race condition between the creation of the ~/.local directory and its subdirectories. This exploitation can lead to unauthorized files being written into the victim's XDG directory hierarchy.
The vulnerability allows local attackers to write files into the victim's XDG directory hierarchy, potentially leading to the execution of malicious .desktop files.
Users can upgrade to GNU nano version 9.0 or later to address this vulnerability.
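A host-side check for the condition described above, added here as an example (it is not code from GNU nano or from this advisory). It reports world-writable directories, entries owned by another account, and group- or other-writable .desktop files under an XDG data tree, and tests whether the current umask would let a 0777 request through. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an XDG data tree for the exposure the advisory describes.
# Usage after sourcing this file:  audit_xdg_dir "$HOME/.local"

# Succeeds when the current umask leaves the other-write bit (0002) unmasked,
# meaning a directory requested with mode 0777 would end up world-writable.
umask_allows_world_write() {
    case $(umask) in
        *[0145]) return 0 ;;   # last octal digit does not mask the write bit
        *)       return 1 ;;
    esac
}

# audit_xdg_dir [DIR]: print findings for DIR (default: ~/.local).
# Returns 0 when DIR is clean or absent, 1 when anything was reported.
audit_xdg_dir() {
    root=${1:-"$HOME/.local"}
    [ -d "$root" ] || return 0
    findings=$(
        # Directories in which any local account can create entries.
        find "$root" -type d -perm -0002 -print |
            sed 's/^/world-writable dir: /'
        # Entries that belong to another account.
        find "$root" ! -user "$(id -u)" -print |
            sed 's/^/foreign owner: /'
        # Launchers that group or other can modify.
        find "$root" -type f -name '*.desktop' \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/writable launcher: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A non-zero return from `audit_xdg_dir` on a host that ran an affected nano version means the tree should be reviewed before its contents are trusted.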