aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS2
-rw-r--r--uid.c3
2 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index d910c19d..af2e77ba 100644
--- a/NEWS
+++ b/NEWS
@@ -131,6 +131,8 @@ fetchmail-6.4.0 (not yet released):
* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
This was reported to break Kerberos-based authentication with Microsoft
Exchange 2013 by Greg Hudson.
+* Set umask properly before writing the .fetchids file, to avoid failing the
+ security check on the next run. Reported by Fabian Raab, Debian Bug#831611.
# KNOWN BUGS AND WORKAROUNDS
(This section floats upwards through the NEWS file so it stays with the
diff --git a/uid.c b/uid.c
index 7ee702b9..2db06733 100644
--- a/uid.c
+++ b/uid.c
@@ -469,11 +469,13 @@ void write_saved_lists(struct query *hostlist, const char *idfile)
report(stderr, GT_("Error deleting %s: %s\n"), idfile, strerror(errno));
} else {
char *newnam = (char *)xmalloc(strlen(idfile) + 2);
+ mode_t old_umask;
strcpy(newnam, idfile);
strcat(newnam, "_");
if (outlevel >= O_DEBUG)
report(stdout, GT_("Writing fetchids file.\n"));
(void)unlink(newnam); /* remove file/link first */
+ old_umask = umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
if ((tmpfp = fopen(newnam, "w")) != (FILE *)NULL) {
struct write_saved_info info;
int errflg = 0;
@@ -517,6 +519,7 @@ bailout:
report(stderr, GT_("Cannot open fetchids file %s for writing: %s\n"), newnam, strerror(errno));
}
free(newnam);
+ (void)umask(old_umask);
}
}
#endif /* POP3_ENABLE */
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-26 11:11:47 +0000