Force umask to 077 (instead of 000) during the edit phase, to get
secure permissions in case the user attempts to save something to a file of his own. Move umask stuff out of pw_init() into main() for better visibility of overall umask tweaking logic. PR: misc/11797
parent
6d4ce7aa8c
commit
2ece3ed4c8
|
@ -36,7 +36,7 @@
|
|||
static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id: pw_util.c,v 1.13 1998/12/13 01:39:32 dillon Exp $";
|
||||
"$Id: pw_util.c,v 1.14 1999/06/26 07:16:38 sheldonh Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
|
@ -103,9 +103,6 @@ pw_init()
|
|||
(void)signal(SIGQUIT, SIG_IGN);
|
||||
(void)signal(SIGTERM, SIG_IGN);
|
||||
(void)signal(SIGCONT, pw_cont);
|
||||
|
||||
/* Create with exact permissions. */
|
||||
(void)umask(0);
|
||||
}
|
||||
|
||||
int
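Review bot: Dropping `(void)umask(0);` from pw_init() changes its contract for every caller, not only vipw. Any other program that calls pw_init() before creating the temporary or lock file (no such caller is visible on this page) now runs under the inherited umask unless it gains the same call that vipw's main() receives. It is worth checking each pw_init() caller and recording the new contract above the function, e.g. `/* Does not set the umask; callers must do so before creating files. */`. The identical pw_util.c hunk repeated further down the page has the same gap, and pw_init()'s body starts outside the hunk.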
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id: pw_util.c,v 1.13 1998/12/13 01:39:32 dillon Exp $";
|
||||
"$Id: pw_util.c,v 1.14 1999/06/26 07:16:38 sheldonh Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
|
@ -103,9 +103,6 @@ pw_init()
|
|||
(void)signal(SIGQUIT, SIG_IGN);
|
||||
(void)signal(SIGTERM, SIG_IGN);
|
||||
(void)signal(SIGCONT, pw_cont);
|
||||
|
||||
/* Create with exact permissions. */
|
||||
(void)umask(0);
|
||||
}
|
||||
|
||||
int
|
||||
|
|
|
@ -42,7 +42,7 @@ static const char copyright[] =
|
|||
static char sccsid[] = "@(#)vipw.c 8.3 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id: vipw.c,v 1.6 1999/06/26 07:16:42 sheldonh Exp $";
|
||||
"$Id: vipw.c,v 1.7 1999/06/26 10:45:06 sheldonh Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -100,10 +100,14 @@ main(argc, argv)
|
|||
usage();
|
||||
|
||||
pw_init();
|
||||
/* Create with exact permissions. */
|
||||
(void)umask(0);
|
||||
pfd = pw_lock();
|
||||
tfd = pw_tmp();
|
||||
copyfile(pfd, tfd);
|
||||
(void)close(tfd);
|
||||
/* Force umask for partial writes made in the edit phase */
|
||||
(void)umask(077);
|
||||
|
||||
for (;;) {
|
||||
if (stat(tempname, &begin))
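Review bot: `(void)umask(077);` stays in effect for the rest of main(), not only for the editor started in the `for (;;)` loop. The code after the loop is outside the hunk, so it is unclear whether the later rebuild step creates files whose mode must be exact (for example a world-readable password file). If that step inherits the process umask, those files would come out owner-only, so either restore `(void)umask(0);` once editing is done or confirm the rebuild sets its own umask. The new comment could also say why the mask matters, e.g. `/* The editor inherits this umask: copies it saves elsewhere may hold password hashes. */`.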
|
||||
|
|