- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 6bd5830..91d87f7 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -134,11 +134,15 @@
{
int tmpfd;
char ccname[40];
+ mode_t old_umask;
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
- if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+ old_umask = umask(0177);
+ tmpfd = mkstemp(ccname + strlen("FILE:"));
+ umask(old_umask);
+ if (tmpfd == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
return;