From 2ece3ed4c8e56f4b41c5e6d6329035dc2bb4406e Mon Sep 17 00:00:00 2001 From: Pierre Beyssac Date: Sat, 26 Jun 1999 12:15:39 +0000 Subject: [PATCH] Force umask to 077 (instead of 000) during the edit phase, to get secure permissions in case the user attempts to save something to a file of his own. Move umask stuff out of pw_init() into main() for better visibility of overall umask tweaking logic. PR: misc/11797 --- lib/libutil/pw_util.c | 5 +---- usr.sbin/vipw/pw_util.c | 5 +---- usr.sbin/vipw/vipw.c | 6 +++++- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c index cdfcc4d28a04..5930342229b3 100644 --- a/lib/libutil/pw_util.c +++ b/lib/libutil/pw_util.c @@ -36,7 +36,7 @@ static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$Id: pw_util.c,v 1.13 1998/12/13 01:39:32 dillon Exp $"; + "$Id: pw_util.c,v 1.14 1999/06/26 07:16:38 sheldonh Exp $"; #endif /* not lint */ /* @@ -103,9 +103,6 @@ pw_init() (void)signal(SIGQUIT, SIG_IGN); (void)signal(SIGTERM, SIG_IGN); (void)signal(SIGCONT, pw_cont); - - /* Create with exact permissions. */ - (void)umask(0); } int diff --git a/usr.sbin/vipw/pw_util.c b/usr.sbin/vipw/pw_util.c index cdfcc4d28a04..5930342229b3 100644 --- a/usr.sbin/vipw/pw_util.c +++ b/usr.sbin/vipw/pw_util.c @@ -36,7 +36,7 @@ static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$Id: pw_util.c,v 1.13 1998/12/13 01:39:32 dillon Exp $"; + "$Id: pw_util.c,v 1.14 1999/06/26 07:16:38 sheldonh Exp $"; #endif /* not lint */ /* @@ -103,9 +103,6 @@ pw_init() (void)signal(SIGQUIT, SIG_IGN); (void)signal(SIGTERM, SIG_IGN); (void)signal(SIGCONT, pw_cont); - - /* Create with exact permissions. */ - (void)umask(0); } int diff --git a/usr.sbin/vipw/vipw.c b/usr.sbin/vipw/vipw.c index e7d8778ad3b5..dc04d065bb0d 100644 --- a/usr.sbin/vipw/vipw.c +++ b/usr.sbin/vipw/vipw.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)vipw.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$Id: vipw.c,v 1.6 1999/06/26 07:16:42 sheldonh Exp $"; + "$Id: vipw.c,v 1.7 1999/06/26 10:45:06 sheldonh Exp $"; #endif /* not lint */ #include @@ -100,10 +100,14 @@ main(argc, argv) usage(); pw_init(); + /* Create with exact permissions. */ + (void)umask(0); pfd = pw_lock(); tfd = pw_tmp(); copyfile(pfd, tfd); (void)close(tfd); + /* Force umask for partial writes made in the edit phase */ + (void)umask(077); for (;;) { if (stat(tempname, &begin))