- djm@cvs.openbsd.org 2014/07/18 02:46:01

     [ssh-agent.c]
     restore umask around listener socket creation (dropped in streamlocal patch
     merge)

2 files changed, 8 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index a7c402316..43e154b0e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,10 @@
      reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
      previously we were always returning 0. bz#2255 reported by Brendan
      Germain; ok dtucker
+   - djm@cvs.openbsd.org 2014/07/18 02:46:01
+     [ssh-agent.c]
+     restore umask around listener socket creation (dropped in streamlocal patch
+     merge)
 
 20140717
  - (djm) [digest-openssl.c] Preserve array order when disabling digests.
diff --git a/ssh-agent.c b/ssh-agent.c
index 26c1bd37e..e20a64ecf 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.188 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.189 2014/07/18 02:46:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1047,6 +1047,7 @@ main(int ac, char **av)
         char pidstrbuf[1 + 3 * sizeof pid];
         struct timeval *tvp = NULL;
         size_t len;
+        mode_t prev_mask;
 
         /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
         sanitise_stdfd();
@@ -1159,12 +1160,14 @@ main(int ac, char **av)
          * Create socket early so it will exist before command gets run from
          * the parent.
          */
+        prev_mask = umask(0177);
         sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
         if (sock < 0) {
                 /* XXX - unix_listener() calls error() not perror() */
                 *socket_name = '\0'; /* Don't unlink any existing file */
                 cleanup_exit(1);
         }
+        umask(prev_mask);
 
         /*
          * Fork, and have the parent execute the command, if any, or present