- dtucker@cvs.openbsd.org 2008/06/14 17:07:11
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
diff --git a/ChangeLog b/ChangeLog
index 5b1cb29..30e8d2c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
+ - dtucker@cvs.openbsd.org 2008/06/14 17:07:11
+ [sshd.c]
+ ensure default umask disallows at least group and world write; ok djm@
20080614
- (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
@@ -4376,4 +4379,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.5013 2008/06/15 21:50:24 djm Exp $
+$Id: ChangeLog,v 1.5014 2008/06/15 21:50:58 djm Exp $
diff --git a/sshd.c b/sshd.c
index 5b89231..8ebbbee 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.361 2008/06/14 15:49:48 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.362 2008/06/14 17:07:11 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1245,6 +1245,7 @@
int remote_port;
char *line, *p, *cp;
int config_s[2] = { -1 , -1 };
+ mode_t new_umask;
Key *key;
Authctxt *authctxt;
@@ -1610,6 +1611,10 @@
rexec_argv[rexec_argc + 1] = NULL;
}
+ /* Ensure that umask disallows at least group and world write */
+ new_umask = umask(0077) | 0022;
+ (void) umask(new_umask);
+
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && (!inetd_flag || rexeced_flag))
log_stderr = 1;