Re: /home/loser is with permissions 755, default umask 0022
Some more exploit vectors from the FD list:
https://seclists.org/fulldisclosure/2020/Nov/13
Partial results:
1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.
2. Some time ago on a multiuser debian mirror we found a lot of data,
including the wordpress password of the admin.
3. Anything created by EDITOR NEWFILE is readable, unless the directory
prevents. This include root doing EDITOR /etc/NEWFILE
Reply to: