From 727707b49be111731e96993f4209d163bc73f41d Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Wed, 7 Mar 2012 07:54:49 -0500
Subject: Add umask before mkstemp() call in SSH responder

---
 src/responder/ssh/sshsrv_cmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 9d553f73e..cae0b87c0 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -439,6 +439,7 @@ ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
     int fd = -1;
     char *filename, *pubkey, *line;
     ssize_t wret;
+    mode_t old_mask;
 
     tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) {
@@ -452,7 +453,9 @@ ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
         goto done;
     }
 
+    old_mask = umask(0133);
     fd = mkstemp(filename);
+    umask(old_mask);
     if (fd == -1) {
         filename = NULL;
         ret = errno;
-- 
cgit