author | pb <pb@FreeBSD.org> | 1999-06-26 12:15:39 +0000 |
---|---|---|
committer | pb <pb@FreeBSD.org> | 1999-06-26 12:15:39 +0000 |
commit | 2f10423ca8c93d41886e4a2029555624613fa43f (patch) | |
tree | 8b2d185387b980567968ea73c2269ee9dd82ed99 /usr.sbin/vipw | |
parent | 418f613da58f1a5e74d32645bcde00a5fcca9bb2 (diff) | |
Force umask to 077 (instead of 000) during the edit phase, to get
secure permissions in case the user attempts to save something to
a file of his own.
Move umask stuff out of pw_init() into main() for better visibility
of overall umask tweaking logic.
PR: misc/11797
Diffstat (limited to 'usr.sbin/vipw')
-rw-r--r-- | usr.sbin/vipw/pw_util.c | 5 | ||||
-rw-r--r-- | usr.sbin/vipw/vipw.c | 6 |
2 files changed, 6 insertions, 5 deletions
diff --git a/usr.sbin/vipw/pw_util.c b/usr.sbin/vipw/pw_util.c
index cdfcc4d..5930342 100644
--- a/usr.sbin/vipw/pw_util.c
+++ b/usr.sbin/vipw/pw_util.c
@@ -36,7 +36,7 @@
 static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
 #endif
 static const char rcsid[] =
- "$Id: pw_util.c,v 1.13 1998/12/13 01:39:32 dillon Exp $";
+ "$Id: pw_util.c,v 1.14 1999/06/26 07:16:38 sheldonh Exp $";
 #endif /* not lint */
 /*
@@ -103,9 +103,6 @@ pw_init()
 (void)signal(SIGQUIT, SIG_IGN);
 (void)signal(SIGTERM, SIG_IGN);
 (void)signal(SIGCONT, pw_cont);
-
- /* Create with exact permissions. */
- (void)umask(0);
 }
 int
diff --git a/usr.sbin/vipw/vipw.c b/usr.sbin/vipw/vipw.c
index e7d8778..dc04d06 100644
--- a/usr.sbin/vipw/vipw.c
+++ b/usr.sbin/vipw/vipw.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)vipw.c 8.3 (Berkeley) 4/2/94";
 #endif
 static const char rcsid[] =
- "$Id: vipw.c,v 1.6 1999/06/26 07:16:42 sheldonh Exp $";
+ "$Id: vipw.c,v 1.7 1999/06/26 10:45:06 sheldonh Exp $";
 #endif /* not lint */
 #include <sys/types.h>
@@ -100,10 +100,14 @@ main(argc, argv)
 usage();
 pw_init();
+ /* Create with exact permissions. */
+ (void)umask(0);
 pfd = pw_lock();
 tfd = pw_tmp();
 copyfile(pfd, tfd);
 (void)close(tfd);
+ /* Force umask for partial writes made in the edit phase */
+ (void)umask(077);
 for (;;) {
 if (stat(tempname, &begin)) |
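Review bot: In the vipw.c hunk for main(), the `umask(077)` set just before the `for (;;)` loop is never relaxed in the lines shown, so it stays in force for whatever main() does after the editor returns, not only for the edit phase. main's body continues past the hunk, so it should be confirmed that any later step that creates or installs files passes explicit modes or sets its own mask rather than relying on the inherited one. The preceding `umask(0)` window has the opposite exposure: the temporary copy made by `pw_tmp()` and `copyfile()` presumably holds the password file contents and is protected only by the mode given at creation, which is not visible here. I would state both assumptions in the comments, e.g. `/* Mask is 0 here: pw_lock() and pw_tmp() must pass restrictive modes themselves. */` and `/* Editor and everything after it inherit 077; later file creation must not rely on the mask. */`.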