From 1e99f9b1455315f445d71a02aa21482c6507b87a Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Wed, 13 Mar 2013 09:41:55 +0000
Subject: Unlike OpenBSD's, our setusercontext() will intentionally ignore the
 user's own umask setting (from ~/.login.conf) unless running with the user's
 UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing
 UID.

PR:		bin/176740
Submitted by:	John Marshall <john.marshall@riverwillow.com.au>
MFC after:	1 week
---
 crypto/openssh/session.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'crypto')

diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 57a3e18..82913ff 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -1533,6 +1533,12 @@ do_setusercontext(struct passwd *pw)
 			perror("unable to set user context (setuser)");
 			exit(1);
 		}
+
+		/*
+		 * FreeBSD's setusercontext() will not apply the user's
+		 * own umask setting unless running with the user's UID.
+		 */
+		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
-- 
cgit v1.1