oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Set umask before creating credentials database to make sure cache is user only readable

Browse Source 
Reported by Anton Lundin <glance@acc.umu.se>
This commit is contained in:
Love Hornquist Astrand
2009-08-20 08:40:50 -07:00
parent 76afc31e9b
commit 14a68d5668
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/krb5/scache.c
View File

@@ -381,7 +381,9 @@ make_database(krb5_context context, krb5_scache *s)
ret = open_database(context, s, 0); ret = open_database(context, s, 0);
if (ret) { if (ret) {
mode_t oldumask = umask(077);
ret = open_database(context, s, SQLITE_OPEN_CREATE); ret = open_database(context, s, SQLITE_OPEN_CREATE);
umask(oldumask);
if (ret) goto out; if (ret) goto out;
created_file = 1; created_file = 1;