- dtucker@cvs.openbsd.org 2008/06/14 17:07:11

     [sshd.c]
     ensure default umask disallows at least group and world write; ok djm@

diff --git a/ChangeLog b/ChangeLog
index 53a0ab8aa9c990d95d4a167b5d4e8c97d39ff299..347a39618cde05e661407e38648b80c6b72e97b1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
    - dtucker@cvs.openbsd.org 2008/06/14 15:49:48
      [sshd.c]
      wrap long line at 80 chars
+   - dtucker@cvs.openbsd.org 2008/06/14 17:07:11
+     [sshd.c]
+     ensure default umask disallows at least group and world write; ok djm@
 
 20080614
  - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction

diff --git a/sshd.c b/sshd.c
index 5b89231f1e9caa3002e31a15d956895528f08b11..8ebbbee7bbb997c81605a3d6a8c9e99a0e442c2e 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.361 2008/06/14 15:49:48 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.362 2008/06/14 17:07:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1245,6 +1245,7 @@ main(int ac, char **av)
        int remote_port;
        char *line, *p, *cp;
        int config_s[2] = { -1 , -1 };
+       mode_t new_umask;
        Key *key;
        Authctxt *authctxt;
 
@@ -1610,6 +1611,10 @@ main(int ac, char **av)
                rexec_argv[rexec_argc + 1] = NULL;
        }
 
+       /* Ensure that umask disallows at least group and world write */
+       new_umask = umask(0077) | 0022;
+       (void) umask(new_umask);
+
        /* Initialize the log (it is reinitialized below in case we forked). */
        if (debug_flag && (!inetd_flag || rexeced_flag))
                log_stderr = 1;