From 14a68d5668c59e9bd07e2824a32155e6d4a0eb52 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Thu, 20 Aug 2009 08:40:50 -0700
Subject: [PATCH] Set umask before creating credentials database to make sure cache is user only readable Reported by Anton Lundin
---
 lib/krb5/scache.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c
index 4f8958064..8ff8d0ad5 100644
--- a/lib/krb5/scache.c
+++ b/lib/krb5/scache.c
@@ -381,7 +381,9 @@ make_database(krb5_context context, krb5_scache *s)
 ret = open_database(context, s, 0);
 if (ret) {
+ mode_t oldumask = umask(077);
 ret = open_database(context, s, SQLITE_OPEN_CREATE);
+ umask(oldumask);
 if (ret) goto out;
 created_file = 1;
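Review bot: The tightened umask only takes effect on the creation path inside `if (ret) {`, so a credentials database that already exists with group- or world-readable permissions (for example one created before this fix) still opens through `open_database(context, s, 0)` and keeps its old mode. It would be worth checking the mode of an existing file on that path and restricting it to owner-only, or at least documenting that caches created by earlier builds should be removed after upgrading. Separately, `umask()` changes process-wide state, so in a threaded caller any file another thread creates between the two `umask()` calls is masked with 077 as well; a comment such as `/* umask is process-wide: other threads are affected until it is restored */` above `mode_t oldumask = umask(077);` would make that explicit. The body of make_database starts and ends outside the hunk.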