From 2d430f5746ff743957a88b3d67c2cb037327ad56 Mon Sep 17 00:00:00 2001
From: joerg
Date: Fri, 26 Apr 1996 21:33:18 +0000
Subject: /etc/skeykeys was basically suffering from the same vulnerability as any non-shadowed /etc/passwd. Ironically, all programs using S/Key have already been setuid root except keyinfo(1). This modification creates /etc/skeykeys with mode 0600 to prevent it from being examined by ordinary users.
---
 lib/libskey/skeylogin.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'lib/libskey')
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index 229fc61..ee9c277 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -103,11 +103,13 @@ char *name;
 long recstart;
 char *cp, *p;
 struct stat statbuf;
+ mode_t oldmask;
 
 /* See if the _PATH_SKEYFILE exists, and create it if not */
 if(stat(_PATH_SKEYFILE,&statbuf) == -1 && errno == ENOENT){
+ oldmask = umask(S_IRWXG|S_IRWXO);
 mp->keyfile = fopen(_PATH_SKEYFILE,"w+");
- (void) chmod(_PATH_SKEYFILE, 0644);
+ (void)umask(oldmask);
 } else {
 /* Otherwise open normally for update */
 mp->keyfile = fopen(_PATH_SKEYFILE,"r+");
-- 
cgit v1.1
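Review bot: A key file that already exists keeps its old mode, because the restrictive umask is applied only in the create branch; the `else` branch opens it with `"r+"` and never touches its permissions. Files created by the previous code were explicitly set to 0644 by the removed `chmod`, so on an upgraded system they stay world-readable unless the administrator fixes them by hand. Tightening the mode after either `fopen` would cover both paths, e.g. `if (mp->keyfile != NULL) (void)fchmod(fileno(mp->keyfile), S_IRUSR|S_IWUSR);`. The create path also still has a window between `stat` and `fopen(...,"w+")`, where a file created in between would be truncated; creating it with `open` using `O_CREAT|O_EXCL` and mode 0600, then `fdopen`, would close that window and avoid changing the process-wide umask. The enclosing function starts and ends outside the hunk, so any NULL check on `mp->keyfile` is not visible here.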