From 066969339dcd0352965de0ab1b5f693cf2a7fee8 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Sat, 14 Aug 2004 23:55:37 +1000
Subject:  - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]   
 Explicitly set umask for mkstemp; ok djm@

---
 auth-krb5.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'auth-krb5.c')

diff --git a/auth-krb5.c b/auth-krb5.c
index a728ebac..a324ff15 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -69,6 +69,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 	krb5_principal server;
 	char ccname[40];
 	int tmpfd;
+	mode_t old_umask;
 #endif
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
@@ -147,7 +148,10 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
 	snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 
-	if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
+	old_umask = umask(0177);
+	tmpfd = mkstemp(ccname + strlen("FILE:"));
+	umask(old_umask);
+	if (tmpfd == -1) {
 		logit("mkstemp(): %.100s", strerror(errno));
 		problem = errno;
 		goto out;
-- 
cgit v1.2.3