- djm@cvs.openbsd.org 2014/07/18 02:46:01

[ssh-agent.c] restore umask around listener socket creation (dropped in streamlocal patch merge)
2025-07-31 01:35:11 +02:00 · 2014-07-18 15:04:47 +10:00 · 2014-07-18 15:04:47 +10:00 · ab2ec586ba
commit ab2ec586ba
parent 357610d159
2 changed files with 8 additions and 1 deletions
--- a/4
+++ b/4
@ -33,6 +33,10 @@
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
+   - djm@cvs.openbsd.org 2014/07/18 02:46:01
+     [ssh-agent.c]
+     restore umask around listener socket creation (dropped in streamlocal patch
+     merge)

 20140717
 - (djm) [digest-openssl.c] Preserve array order when disabling digests.
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.188 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.189 2014/07/18 02:46:01 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1047,6 +1047,7 @@ main(int ac, char **av)
 	char pidstrbuf[1 + 3 * sizeof pid];
 	struct timeval *tvp = NULL;
 	size_t len;
+	mode_t prev_mask;

 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@ -1159,12 +1160,14 @@ main(int ac, char **av)
 	 * Create socket early so it will exist before command gets run from
 	 * the parent.
 	 */
+	prev_mask = umask(0177);
 	sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
 	if (sock < 0) {
 		/* XXX - unix_listener() calls error() not perror() */
 		*socket_name = '\0'; /* Don't unlink any existing file */
 		cleanup_exit(1);
 	}
+	umask(prev_mask);

 	/*
 	 * Fork, and have the parent execute the command, if any, or present