Default permissions for injected files can be too loose in some cases
Reported by Johannes Erdfelt on 2012-03-28
This bug affects 1 person
For instance, if /etc/shadow is injected, then 0644 permissions are too loose.
A possible fix is to maintain the same permissions if a file already exists, but default to 0644 for new files.