summaryrefslogtreecommitdiffstats
path: root/src/p11_child/p11_child_nss.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/p11_child/p11_child_nss.c')
-rw-r--r--src/p11_child/p11_child_nss.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/p11_child/p11_child_nss.c b/src/p11_child/p11_child_nss.c
index 123b99348..8a383a044 100644
--- a/src/p11_child/p11_child_nss.c
+++ b/src/p11_child/p11_child_nss.c
@@ -481,8 +481,12 @@ int main(int argc, const char *argv[])
/* Set debug level to invalid value so we can decide if -d 0 was used. */
debug_level = SSSDBG_INVALID;
+ /*
+ * This child runs as root (setuid(0)), so we need clear environment and
+ * set permissions for security reasons.
+ */
clearenv();
- umask(SSS_DFL_X_UMASK);
+ umask(SSS_DFL_UMASK);
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while ((opt = poptGetNextOpt(pc)) != -1) {
generated by cgit (git 2.34.1) at 2024-05-15 19:30:59 +0000