KRB5_CHILD: More restrictive umask

We could use more restrictive umask in krb5_child. I found out that there is directory creation, but it is done by create_ccache_dir() which has its own umask setup. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Petr Cech <pcech@redhat.com> 2015-10-07 08:57:15 -0400
committer: Lukas Slebodnik <lslebodn@redhat.com> 2015-11-05 16:07:51 +0100
commit: fb75e886c2f203fe8c10e572cd4d8c635941678d (patch)
tree: 3fcefe1e88e7b31e60a5f2f7660b44c8ce7d5f4a
parent: f43825305e7e4a266d3c3885ed0c53d991d37019 (diff)
download: sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.gz
sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.xz
sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 69b768718..be8db23df 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -720,7 +720,7 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds)
 #endif
 
     /* Set a restrictive umask, just in case we end up creating any file */
-    umask(SSS_DFL_X_UMASK);
+    umask(SSS_DFL_UMASK);
 
     /* we create a new context here as the main process one may have been
      * opened as root and contain possibly references (even open handles ?)
author	Petr Cech <pcech@redhat.com>	2015-10-07 08:57:15 -0400
committer	Lukas Slebodnik <lslebodn@redhat.com>	2015-11-05 16:07:51 +0100
commit	fb75e886c2f203fe8c10e572cd4d8c635941678d (patch)
tree	3fcefe1e88e7b31e60a5f2f7660b44c8ce7d5f4a
parent	f43825305e7e4a266d3c3885ed0c53d991d37019 (diff)
download	sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.gz sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.tar.xz sssd-fb75e886c2f203fe8c10e572cd4d8c635941678d.zip