- dtucker@cvs.openbsd.org 2008/06/14 17:07:11
     [sshd.c]
     ensure default umask disallows at least group and world write; ok djm@
diff --git a/sshd.c b/sshd.c
index 5b89231..8ebbbee 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.361 2008/06/14 15:49:48 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.362 2008/06/14 17:07:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1245,6 +1245,7 @@
 	int remote_port;
 	char *line, *p, *cp;
 	int config_s[2] = { -1 , -1 };
+	mode_t new_umask;
 	Key *key;
 	Authctxt *authctxt;
 
@@ -1610,6 +1611,10 @@
 		rexec_argv[rexec_argc + 1] = NULL;
 	}
 
+	/* Ensure that umask disallows at least group and world write */
+	new_umask = umask(0077) | 0022;
+	(void) umask(new_umask);
+
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && (!inetd_flag || rexeced_flag))
 		log_stderr = 1;
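Review bot: The comment above the added umask lines states the goal but not why the mask is first set to 0077, which reads like a mistake at first sight. umask() can only report the current mask by installing a new one, so the code installs a restrictive temporary value, ORs 0022 into the inherited mask and sets the result; a comment such as `/* umask() has no read-only form: set 0077 temporarily to fetch the inherited mask, then reinstate it with 022 added */` would record that. It is also worth saying that the OR only ever adds bits, so a stricter inherited mask such as 0077 is kept as is. The mask is process-wide and is presumably inherited by children forked later unless something resets it; the enclosing function begins and ends outside the hunk, so whether any file is created before this point cannot be checked here.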