author | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-16 17:02:39 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-17 19:49:36 +0200 |
commit | fd0ef16f9bf46f916db0e30fa0ca0a2e2f5448b8 (patch) | |
tree | c5a81c5d5a75ad5ca68057754c6840d345ee1116 | |
parent | bc37d074ce6ca702c4b51f891863cd6a7316e048 (diff) | |
KRB5: Call umask before mkstemp in the krb5 child code
-rw-r--r-- | src/providers/krb5/krb5_child.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index f896332d6..032f5020e 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -439,6 +439,7 @@ static errno_t handle_randomized(char *in)
 char *ccname = NULL;
 int ret;
 int fd;
+ mode_t old_umask;
 /* We only treat the FILE type case in a special way due to the history
 * of storing FILE type ccache in /tmp and associated security issues */
@@ -460,7 +461,9 @@ static errno_t handle_randomized(char *in)
 * something races, we mostly care only about not accidentally use
 * an existing name and thus failing in the process of saving the
 * cache. Malicious races can only be avoided by libkrb5 itself. */
+ old_umask = umask(077);
 fd = mkstemp(ccname);
+ umask(old_umask);
 if (fd == -1) {
 ret = errno;
 DEBUG(SSSDBG_CRIT_FAILURE, ("mkstemp(\"%s\") failed!\n", ccname)); |
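Review bot: In the second hunk `umask(old_umask)` runs between `mkstemp(ccname)` and the `ret = errno` read in the failure branch, so the reported error code relies on umask() leaving errno untouched. umask() cannot fail and in practice does not alter errno, but saving the value first removes that dependency: `fd = mkstemp(ccname); ret = errno; umask(old_umask);`, with the failure branch then using the saved `ret`. A short comment above the call would also help, for example `/* Force owner-only permissions on the ccache file even if this libc's mkstemp() does not create it 0600 */`, because the existing comment covers name races and not the file mode. Since umask() changes process-wide state, the comment could also record that this code is expected to run single-threaded, which the hunk does not show. The body of handle_randomized starts and ends outside the hunk.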