* movemail.c: Don't grant more read permissions than necessary.

The old 0333 dates back to before we called setuid, so it was needed back then to ensure user-readability, but 0377 should suffice now.
author: Paul Eggert 2013-03-12 18:05:40 -0700
committer: Paul Eggert 2013-03-12 18:05:40 -0700
commit: 9e3edd30c34a2b6bfa031f301e9660ca8665462e (patch)
tree: 90f6a88f8b578047c99db3e71a556845ec749844 /lib-src
parent: f58afc72bd0fd54189c2ca66b9907ca0d338de75 (diff)
download: emacs-9e3edd30c34a2b6bfa031f301e9660ca8665462e.tar.gz
emacs-9e3edd30c34a2b6bfa031f301e9660ca8665462e.zip
2 files changed, 7 insertions, 3 deletions
diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog
index 9900f385ce9..67c17cde8cb 100644
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@@ -2,6 +2,10 @@
        * movemail.c (main): Call umask on all systems.
        This is OK since Emacs already assumes umask elsewhere.
+        Don't grant more read permissions than necessary.
+        The old 0333 dates back to before we called setuid,
+        so it was needed back then to ensure user-readability,
+        but 0377 should suffice now.
 2013-02-08  Paul Eggert  <eggert@cs.ucla.edu>
diff --git a/lib-src/movemail.c b/lib-src/movemail.c
index 386e28de711..190937d762b 100644
--- a/lib-src/movemail.c
+++ b/lib-src/movemail.c
@@ -380,9 +380,9 @@ main (int argc, char **argv)
      if (indesc < 0)
        pfatal_with_name (inname);
-      /* In case movemail is setuid to root, make sure the user can
+      /* Make sure the user can read the output file.  */
-         read the output file.  */
+      umask (umask (0) & 0377);
-      umask (umask (0) & 0333);
      outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666);
      if (outdesc < 0)
        pfatal_with_name (outname);
author	Paul Eggert	2013-03-12 18:05:40 -0700
committer	Paul Eggert	2013-03-12 18:05:40 -0700
commit	9e3edd30c34a2b6bfa031f301e9660ca8665462e (patch)
tree	90f6a88f8b578047c99db3e71a556845ec749844 /lib-src
parent	f58afc72bd0fd54189c2ca66b9907ca0d338de75 (diff)
download	emacs-9e3edd30c34a2b6bfa031f301e9660ca8665462e.tar.gz emacs-9e3edd30c34a2b6bfa031f301e9660ca8665462e.zip

diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog index 9900f385ce9..67c17cde8cb 100644 --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog
@@ -2,6 +2,10 @@
2		2
3	* movemail.c (main): Call umask on all systems.	3	* movemail.c (main): Call umask on all systems.
4	This is OK since Emacs already assumes umask elsewhere.	4	This is OK since Emacs already assumes umask elsewhere.
		5	Don't grant more read permissions than necessary.
		6	The old 0333 dates back to before we called setuid,
		7	so it was needed back then to ensure user-readability,
		8	but 0377 should suffice now.
5		9
6	2013-02-08 Paul Eggert <eggert@cs.ucla.edu>	10	2013-02-08 Paul Eggert <eggert@cs.ucla.edu>
7		11


diff --git a/lib-src/movemail.c b/lib-src/movemail.c index 386e28de711..190937d762b 100644 --- a/lib-src/movemail.c +++ b/lib-src/movemail.c
@@ -380,9 +380,9 @@ main (int argc, char **argv)
380	if (indesc < 0)	380	if (indesc < 0)
381	pfatal_with_name (inname);	381	pfatal_with_name (inname);
382		382
383	/* In case movemail is setuid to root, make sure the user can	383	/* Make sure the user can read the output file. */
384	read the output file. */	384	umask (umask (0) & 0377);
385	umask (umask (0) & 0333);	385
386	outdesc = open (outname, O_WRONLY \| O_CREAT \| O_EXCL, 0666);	386	outdesc = open (outname, O_WRONLY \| O_CREAT \| O_EXCL, 0666);
387	if (outdesc < 0)	387	if (outdesc < 0)
388	pfatal_with_name (outname);	388	pfatal_with_name (outname);