Create /etc/opiekeys with 0600, not 0644

PR:     84221

2 files changed, 7 insertions, 3 deletions

diff --git a/contrib/opie/libopie/readrec.c b/contrib/opie/libopie/readrec.c
index 98ec658..f56af7f 100644
--- a/contrib/opie/libopie/readrec.c
+++ b/contrib/opie/libopie/readrec.c
@@ -14,6 +14,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
 		support. Fixed a debug message typo. Keep going after bogus
                 records. Set read flag.
 	Created by cmetz for OPIE 2.3.
+
+$FreeBSD$
 */
 #include "opie_cfg.h"
 
@@ -94,7 +96,7 @@ int __opiereadrec FUNCTION((opie), struct opie *opie)
   FILE *f = NULL;
   int rval = -1;
 
-  if (!(f = __opieopen(KEY_FILE, 0, 0644))) {
+  if (!(f = __opieopen(KEY_FILE, 0, 0600))) {
 #if DEBUG
     syslog(LOG_DEBUG, "__opiereadrec: __opieopen(KEY_FILE..) failed!");
 #endif /* DEBUG */
diff --git a/contrib/opie/libopie/writerec.c b/contrib/opie/libopie/writerec.c
index 5ba53fe..3d88b34 100644
--- a/contrib/opie/libopie/writerec.c
+++ b/contrib/opie/libopie/writerec.c
@@ -13,6 +13,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
 	Modified by cmetz for OPIE 2.31. Removed active attack protection
 		support. Fixed passwd bug.
 	Created by cmetz for OPIE 2.3 from passwd.c.
+
+$FreeBSD$
 */
 #include "opie_cfg.h"
 
@@ -65,13 +67,13 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
 
   switch(i) {
   case 0:
-    if (!(f = __opieopen(KEY_FILE, 1, 0644)))
+    if (!(f = __opieopen(KEY_FILE, 1, 0600)))
       return -1;
     if (fseek(f, opie->opie_recstart, SEEK_SET))
       return -1;
     break;
   case 1:
-    if (!(f = __opieopen(KEY_FILE, 2, 0644)))
+    if (!(f = __opieopen(KEY_FILE, 2, 0600)))
       return -1;
     break;
   default: