diff options
author | Petr Cech <pcech@redhat.com> | 2015-10-07 08:57:15 -0400 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2015-11-05 16:07:51 +0100 |
commit | fb75e886c2f203fe8c10e572cd4d8c635941678d (patch) | |
tree | 3fcefe1e88e7b31e60a5f2f7660b44c8ce7d5f4a | |
parent | f43825305e7e4a266d3c3885ed0c53d991d37019 (diff) | |
download | sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.gz sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.xz sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.zip |
KRB5_CHILD: More restrictive umask
We could use more restrictive umask in krb5_child. I found out that
there is directory creation, but it is done by create_ccache_dir()
which has its own umask setup.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/providers/krb5/krb5_child.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 69b768718..be8db23df 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -720,7 +720,7 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds) #endif /* Set a restrictive umask, just in case we end up creating any file */ - umask(SSS_DFL_X_UMASK); + umask(SSS_DFL_UMASK); /* we create a new context here as the main process one may have been * opened as root and contain possibly references (even open handles ?) |