- (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to

occur after UID switch; patch from John Marshall via des AT des.no; ok dtucker@
author: Damien Miller <djm@mindrot.org> 2013-03-15 11:22:37 +1100
committer: Damien Miller <djm@mindrot.org> 2013-03-15 11:22:37 +1100
commit: 585284019020eccaf0ce744df198bd56b6aa109f (patch)
tree: 7756a5cb2b679af3477af2e399b740f03cd2020b
parent: f4db77d7668104c1237636781cfbd59ef30f79b0 (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 9f6fc705..f9f2166b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
    des.no
  - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
    Add a usleep replacement for platforms that lack it; ok dtucker
+ - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
+   occur after UID switch; patch from John Marshall via des AT des.no;
+   ok dtucker@
 
 20120312
  - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
diff --git a/session.c b/session.c
index 643e7fc5..19eaa20c 100644
--- a/session.c
+++ b/session.c
@@ -1520,6 +1520,11 @@ do_setusercontext(struct passwd *pw)
 			perror("unable to set user context (setuser)");
 			exit(1);
 		}
+		/* 
+		 * FreeBSD's setusercontext() will not apply the user's
+		 * own umask setting unless running with the user's UID.
+		 */
+		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
author	Damien Miller <djm@mindrot.org>	2013-03-15 11:22:37 +1100
committer	Damien Miller <djm@mindrot.org>	2013-03-15 11:22:37 +1100
commit	585284019020eccaf0ce744df198bd56b6aa109f (patch)
tree	7756a5cb2b679af3477af2e399b740f03cd2020b
parent	f4db77d7668104c1237636781cfbd59ef30f79b0 (diff)