From 2ec88e9d1bcc5eabc01e8524c586254d8c012c3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Wed, 13 Mar 2013 09:41:55 +0000
Subject: [PATCH] Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.
PR: bin/176740
Submitted by: John Marshall
MFC after: 1 week
---
 crypto/openssh/session.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 57a3e18c2cbc..82913ff5b9ef 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -1533,6 +1533,12 @@ do_setusercontext(struct passwd *pw)
 perror("unable to set user context (setuser)");
 exit(1);
 }
+
+ /*
+ * FreeBSD's setusercontext() will not apply the user's
+ * own umask setting unless running with the user's UID.
+ */
+ setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 /* Permanently switch to the desired uid. */
 permanently_set_uid(pw);
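Review bot: The added `setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);` call discards its return value, while the call just above it in the same branch reports the error with perror() and exits. If this second call can fail, the session would carry on with whatever umask the earlier call left in place rather than the one from the user's ~/.login.conf, so files created in the session could get looser permissions than the user configured, with nothing logged. Either handle the failure like the preceding call, `if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK) < 0) {` followed by a perror() and `exit(1);`, or, if a failure here is meant to be non-fatal, cast the call to `(void)` and say so in the comment. do_setusercontext() and the preprocessor branch this code sits in both begin and end outside the hunk.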