From fb75e886c2f203fe8c10e572cd4d8c635941678d Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Wed, 7 Oct 2015 08:57:15 -0400 Subject: KRB5_CHILD: More restrictive umask We could use more restrictive umask in krb5_child. I found out that there is directory creation, but it is done by create_ccache_dir() which has its own umask setup. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek --- src/providers/krb5/krb5_child.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 69b768718..be8db23df 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -720,7 +720,7 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds) #endif /* Set a restrictive umask, just in case we end up creating any file */ - umask(SSS_DFL_X_UMASK); + umask(SSS_DFL_UMASK); /* we create a new context here as the main process one may have been * opened as root and contain possibly references (even open handles ?) -- cgit