Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.Referenceshttp://www.openwall.com/lists/oss-security/2019/10/09/4http://www.openwall.com/lists/oss-security/2019/10/10/1http://www.openwall.com/lists/oss-security/2019/10/17/3
