From 07106897a606ab290f5cf2fbaf52bbfa448a9d6b Mon Sep 17 00:00:00 2001
From: Alexander GQ Gerasiov <gq@cs.msu.su>
Date: Mon, 28 Aug 2017 01:03:06 +0300
Subject: [PATCH] Fix CVE-2016-10351: Insecure cWorkingDir permissions.

Set 700 permisson on dir on every start.

Signed-off-by: Alexander GQ Gerasiov <gq@cs.msu.su>
---
 Telegram/SourceFiles/settings.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Telegram/SourceFiles/settings.h b/Telegram/SourceFiles/settings.h
index 8463bcbdd..e2de77ff3 100644
--- a/Telegram/SourceFiles/settings.h
+++ b/Telegram/SourceFiles/settings.h
@@ -79,7 +79,12 @@ DeclareReadSetting(LaunchMode, LaunchMode);
 DeclareSetting(QString, WorkingDir);
 inline void cForceWorkingDir(const QString &newDir) {
 	cSetWorkingDir(newDir);
-	if (!gWorkingDir.isEmpty()) QDir().mkpath(gWorkingDir);
+	if (!gWorkingDir.isEmpty()) {
+		QDir().mkpath(gWorkingDir);
+		QFile::setPermissions(gWorkingDir,
+			QFileDevice::ReadUser | QFileDevice::WriteUser | QFileDevice::ExeUser);
+	}
+
 }
 DeclareReadSetting(QString, ExeName);
 DeclareReadSetting(QString, ExeDir);