Set a restrictive umask so new files are only read/write by owner.

Coverity CID 221402
author: Todd C. Miller <Todd.Miller@sudo.ws> 2021-04-23 18:58:55 -0600
committer: Todd C. Miller <Todd.Miller@sudo.ws> 2021-04-23 18:58:55 -0600
commit: 2402f3ee5ea2c805e839bb8e5f09f2cbb6392e86 (patch)
tree: 15e7dc936fd494ef1e2e6a66baf94ab36a2e660c /logsrvd/logsrvd.c
parent: 100b584588cc3c416583b794f7d643979768225e (diff)
download: sudo-2402f3ee5ea2c805e839bb8e5f09f2cbb6392e86.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index 55373d925..12ec8a8e5 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -2049,6 +2049,9 @@ main(int argc, char *argv[])
     bindtextdomain("sudo", LOCALEDIR); /* XXX - add logsrvd domain */
     textdomain("sudo");
 
+    /* Create files readable/writable only by owner. */
+    umask(S_IRWXG|S_IRWXO);
+
     /* Register fatal/fatalx callback. */
     sudo_fatal_callback_register(logsrvd_cleanup);
author	Todd C. Miller <Todd.Miller@sudo.ws>	2021-04-23 18:58:55 -0600
committer	Todd C. Miller <Todd.Miller@sudo.ws>	2021-04-23 18:58:55 -0600
commit	2402f3ee5ea2c805e839bb8e5f09f2cbb6392e86 (patch)
tree	15e7dc936fd494ef1e2e6a66baf94ab36a2e660c /logsrvd/logsrvd.c
parent	100b584588cc3c416583b794f7d643979768225e (diff)
download	sudo-2402f3ee5ea2c805e839bb8e5f09f2cbb6392e86.tar.gz