diff options
Diffstat (limited to 'lib-src')
| -rw-r--r-- | lib-src/ChangeLog | 4 | ||||
| -rw-r--r-- | lib-src/movemail.c | 6 |
2 files changed, 7 insertions, 3 deletions
diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog index 9900f385ce9..67c17cde8cb 100644 --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog | |||
| @@ -2,6 +2,10 @@ | |||
| 2 | 2 | ||
| 3 | * movemail.c (main): Call umask on all systems. | 3 | * movemail.c (main): Call umask on all systems. |
| 4 | This is OK since Emacs already assumes umask elsewhere. | 4 | This is OK since Emacs already assumes umask elsewhere. |
| 5 | Don't grant more read permissions than necessary. | ||
| 6 | The old 0333 dates back to before we called setuid, | ||
| 7 | so it was needed back then to ensure user-readability, | ||
| 8 | but 0377 should suffice now. | ||
| 5 | 9 | ||
| 6 | 2013-02-08 Paul Eggert <eggert@cs.ucla.edu> | 10 | 2013-02-08 Paul Eggert <eggert@cs.ucla.edu> |
| 7 | 11 | ||
diff --git a/lib-src/movemail.c b/lib-src/movemail.c index 386e28de711..190937d762b 100644 --- a/lib-src/movemail.c +++ b/lib-src/movemail.c | |||
| @@ -380,9 +380,9 @@ main (int argc, char **argv) | |||
| 380 | if (indesc < 0) | 380 | if (indesc < 0) |
| 381 | pfatal_with_name (inname); | 381 | pfatal_with_name (inname); |
| 382 | 382 | ||
| 383 | /* In case movemail is setuid to root, make sure the user can | 383 | /* Make sure the user can read the output file. */ |
| 384 | read the output file. */ | 384 | umask (umask (0) & 0377); |
| 385 | umask (umask (0) & 0333); | 385 | |
| 386 | outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666); | 386 | outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666); |
| 387 | if (outdesc < 0) | 387 | if (outdesc < 0) |
| 388 | pfatal_with_name (outname); | 388 | pfatal_with_name (outname); |