Addison Crump discovered that Cargo incorrectly set file permissions
on UNIX-like systems when extracting crate archives. If the crate would
contain files writable by any user, a local attacker could possibly use
this issue to execute code as another user.

Read More