diff --git a/package-lock.json b/package-lock.json
index 3cca706bd..178dc7a1f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "shelljs",
-  "version": "0.8.3",
+  "version": "0.8.5",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index fcb0fb570..5c79efeec 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "shelljs",
-  "version": "0.8.3",
+  "version": "0.8.5",
   "description": "Portable Unix shell commands for Node.js",
   "keywords": [
     "shelljs",
diff --git a/src/common.js b/src/common.js
index 14a49fc58..64fa2fbc0 100644
--- a/src/common.js
+++ b/src/common.js
@@ -450,7 +450,7 @@ function _register(name, implementation, wrapOptions) {
   // If an option isn't specified, use the default
   wrapOptions = Object.assign({}, DEFAULT_WRAP_OPTIONS, wrapOptions);
 
-  if (shell[name]) {
+  if (shell.hasOwnProperty(name)) {
     throw new Error('Command `' + name + '` already exists');
   }
 
diff --git a/src/exec.js b/src/exec.js
index de3322c81..78faf13d2 100644
--- a/src/exec.js
+++ b/src/exec.js
@@ -48,7 +48,24 @@ function execSync(cmd, opts, pipe) {
     stderrFile: stderrFile,
   };
 
-  fs.writeFileSync(paramsFile, JSON.stringify(paramsToSerialize), 'utf8');
+  // Create the files and ensure these are locked down (for read and write) to
+  // the current user. The main concerns here are:
+  //
+  // * If we execute a command which prints sensitive output, then
+  //   stdoutFile/stderrFile must not be readable by other users.
+  // * paramsFile must not be readable by other users, or else they can read it
+  //   to figure out the path for stdoutFile/stderrFile and create these first
+  //   (locked down to their own access), which will crash exec() when it tries
+  //   to write to the files.
+  function writeFileLockedDown(filePath, data) {
+    fs.writeFileSync(filePath, data, {
+      encoding: 'utf8',
+      mode: parseInt('600', 8),
+    });
+  }
+  writeFileLockedDown(stdoutFile, '');
+  writeFileLockedDown(stderrFile, '');
+  writeFileLockedDown(paramsFile, JSON.stringify(paramsToSerialize));
 
   var execArgs = [
     path.join(__dirname, 'exec-child.js'),
@@ -91,6 +108,7 @@ function execSync(cmd, opts, pipe) {
   }
 
   // No biggie if we can't erase the files now -- they're in a temp dir anyway
+  // and we locked down permissions (see the note above).
   try { common.unlinkSync(paramsFile); } catch (e) {}
   try { common.unlinkSync(stderrFile); } catch (e) {}
   try { common.unlinkSync(stdoutFile); } catch (e) {}

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://mail.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://github.com/shelljs/shelljs/compare/v0.8.3...v0.8.5.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://mail.clevelandohioweatherforecast.com/pFad/index.php?u=https://github.com/shelljs/shelljs/compare/v0.8.3...v0.8.5.diff" target="_blank">pFad Proxy</a></p><p><a href="http://mail.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://github.com/shelljs/shelljs/compare/v0.8.3...v0.8.5.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://mail.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://github.com/shelljs/shelljs/compare/v0.8.3...v0.8.5.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>