- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]

Explicitly set umask for mkstemp; ok djm@
author: Darren Tucker <dtucker@zip.com.au> 2004-08-14 23:55:37 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2004-08-14 23:55:37 +1000
commit: 066969339dcd0352965de0ab1b5f693cf2a7fee8 (patch)
tree: df36cda53b0cb0050084516295cd1529e48f01ef
parent: a763105c0f6e4d58f2e477597d1cf5ca5317b1a1 (diff)
4 files changed, 19 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 98b0f8b96..3079c3881 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040814
+ - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
+   Explicitly set umask for mkstemp; ok djm@
 20040813
 - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
   redhat.com
@@ -1622,4 +1626,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3505 2004/08/13 11:30:24 dtucker Exp $
+$Id: ChangeLog,v 1.3506 2004/08/14 13:55:37 dtucker Exp $
diff --git a/auth-krb5.c b/auth-krb5.c
index a728ebac1..a324ff15c 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -69,6 +69,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_principal server;
        char ccname[40];
        int tmpfd;
+        mode_t old_umask;
 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
@@ -147,7 +148,10 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-        if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
+        old_umask = umask(0177);
+        tmpfd = mkstemp(ccname + strlen("FILE:"));
+        umask(old_umask);
+        if (tmpfd == -1) {
                logit("mkstemp(): %.100s", strerror(errno));
                problem = errno;
                goto out;
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 6bd5830fb..91d87f798 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -134,11 +134,15 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
        {
                int tmpfd;
                char ccname[40];
+                mode_t old_umask;
                snprintf(ccname, sizeof(ccname),
                    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-                if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+                old_umask = umask(0177);
+                tmpfd = mkstemp(ccname + strlen("FILE:"));
+                umask(old_umask);
+                if (tmpfd == -1) {
                        logit("mkstemp(): %.100s", strerror(errno));
                        problem = errno;
                        return;
diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
index f1a637a34..c8d59dee0 100644
--- a/openbsd-compat/xmmap.c
+++ b/openbsd-compat/xmmap.c
@@ -23,7 +23,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* $Id: xmmap.c,v 1.4 2004/05/13 06:39:34 dtucker Exp $ */
+/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */
 #include "includes.h"
@@ -50,8 +50,11 @@ void *xmmap(size_t size)
        if (address == MAP_FAILED) {
                char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
                int tmpfd;
+                mode_t old_umask;
+                old_umask = umask(0177);
                tmpfd = mkstemp(tmpname);
+                umask(old_umask);
                if (tmpfd == -1)
                        fatal("mkstemp(\"%s\"): %s",
                            MM_SWAP_TEMPLATE, strerror(errno));
author	Darren Tucker <dtucker@zip.com.au>	2004-08-14 23:55:37 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2004-08-14 23:55:37 +1000
commit	066969339dcd0352965de0ab1b5f693cf2a7fee8 (patch)
tree	df36cda53b0cb0050084516295cd1529e48f01ef
parent	a763105c0f6e4d58f2e477597d1cf5ca5317b1a1 (diff)