From e4106d9e8fc87e2ce9e3c00d81098c4ee822ec94 Mon Sep 17 00:00:00 2001
From: cperciva <cperciva@FreeBSD.org>
Date: Thu, 3 Dec 2009 09:18:40 +0000
Subject: Disable SSL renegotiation in order to protect against a serious
 protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
---
 usr.sbin/freebsd-update/freebsd-update.sh | 1 +
 1 file changed, 1 insertion(+)

(limited to 'usr.sbin/freebsd-update')

diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
index 372add2..e1453c6 100644
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -603,6 +603,7 @@ fetch_check_params () {
 		echo ${WORKDIR}
 		exit 1
 	fi
+	chmod 700 ${WORKDIR}
 	cd ${WORKDIR} || exit 1
 
 	# Generate release number.  The s/SECURITY/RELEASE/ bit exists
-- 
cgit v1.1