- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]

   Explicitly set umask for mkstemp; ok djm@

diff --git a/ChangeLog b/ChangeLog
index 754e535ca8777c8be92399270635b72d0e8f1d6f..c83a8ca628c63990d91bfa29d1d6877956a3cb0e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040814
+ - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
+   Explicitly set umask for mkstemp; ok djm@
+

 20040813
  - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
    redhat.com
 20040813
  - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
    redhat.com

diff --git a/auth-krb5.c b/auth-krb5.c
index a728ebac11042735dc259ac40a25073b45459332..a324ff15c03fb4a338a7b77219848f9f6771a815 100644 (file)
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -69,6 +69,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_principal server;
        char ccname[40];
        int tmpfd;
        krb5_principal server;
        char ccname[40];
        int tmpfd;

+       mode_t old_umask;

 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;


@@ -147,7 +148,10 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 
 
        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 

-       if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
+       old_umask = umask(0177);
+       tmpfd = mkstemp(ccname + strlen("FILE:"));
+       umask(old_umask);
+       if (tmpfd == -1) {

                logit("mkstemp(): %.100s", strerror(errno));
                problem = errno;
                goto out;
                logit("mkstemp(): %.100s", strerror(errno));
                problem = errno;
                goto out;

diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 6bd5830fb6cd940e17e5a2786071cfcaa868c22c..91d87f798f8319978b7c32f7c39fcecfd89a52dc 100644 (file)
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -134,11 +134,15 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
        {
                int tmpfd;
                char ccname[40];
        {
                int tmpfd;
                char ccname[40];

+               mode_t old_umask;

 
                snprintf(ccname, sizeof(ccname),
                    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
 
 
                snprintf(ccname, sizeof(ccname),
                    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
 

-               if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+               old_umask = umask(0177);
+               tmpfd = mkstemp(ccname + strlen("FILE:"));
+               umask(old_umask);
+               if (tmpfd == -1) {

                        logit("mkstemp(): %.100s", strerror(errno));
                        problem = errno;
                        return;
                        logit("mkstemp(): %.100s", strerror(errno));
                        problem = errno;
                        return;

diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
index 07902db8ae51941d6e5af3149a5dd13b32f2ba9f..d136a3447b087d2a0340901db4cc9fb8ee35cad7 100644 (file)
--- a/openbsd-compat/xmmap.c
+++ b/openbsd-compat/xmmap.c
@@ -50,8 +50,11 @@ void *xmmap(size_t size)
        if (address == MAP_FAILED) {
                char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
                int tmpfd;
        if (address == MAP_FAILED) {
                char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
                int tmpfd;

+               mode_t old_umask;

 
 

+               old_umask = umask(0177);

                tmpfd = mkstemp(tmpname);
                tmpfd = mkstemp(tmpname);

+               umask(old_umask);

                if (tmpfd == -1)
                        fatal("mkstemp(\"%s\"): %s",
                            MM_SWAP_TEMPLATE, strerror(errno));
                if (tmpfd == -1)
                        fatal("mkstemp(\"%s\"): %s",
                            MM_SWAP_TEMPLATE, strerror(errno));