Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's

own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week
svn path=/head/; revision=248231
2013-03-13 09:41:55 +00:00 · 2013-03-13 09:41:55 +00:00 · 2ec88e9d1b · 2020-12-20 02:59:44 +00:00
commit 2ec88e9d1b
parent ca9feb490c
1 changed files with 6 additions and 0 deletions
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@ -1533,6 +1533,12 @@ do_setusercontext(struct passwd *pw)
 			perror("unable to set user context (setuser)");
 			exit(1);
 		}
+
+		/*
+		 * FreeBSD's setusercontext() will not apply the user's
+		 * own umask setting unless running with the user's UID.
+		 */
+		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);