Description: Patch to fix ~/.surf directory and cookies.txt file permission
 This patch is provided by Anslem Garbe to fix the permission of ~/.surf
 directory and cookies.txt file which had caused the CVE-2012-0842.
Author: Anslem R Garbe <garbeam@gmail.com>
Last-Update: 2012-02-11
Forwarded: http://lists.suckless.org/dev/1202/10987.html
--- a/surf.c	2012-02-11 10:42:25.439766456 +0100
+++ b/surf.c	2012-02-11 17:49:08.110085898 +0100
@@ -126,12 +126,15 @@
 		apath = g_strconcat(g_get_home_dir(), "/", path, NULL);
 	if((p = strrchr(apath, '/'))) {
 		*p = '\0';
-		g_mkdir_with_parents(apath, 0755);
+		g_mkdir_with_parents(apath, 0700);
+		g_chmod(apath, 0700); /* in case it existed */
 		*p = '/';
 	}
 	/* creating file (gives error when apath ends with "/") */
-	if((f = fopen(apath, "a")))
+	if((f = fopen(apath, "a"))) {
+		g_chmod(apath, 0600); /* always */
 		fclose(f);
+	}
 	return apath;
 }