From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 28 Feb 2015 11:28:04 +0000 (+0000)
Subject: [Bug 2766] ntp-keygen output files should not be world-readable
X-Git-Tag: NTP_4_3_3~8^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40c519a6e02ccd56d7829e57429e81207ff6a68e;p=thirdparty%2Fntp.git

[Bug 2766] ntp-keygen output files should not be world-readable

bk: 54f1a644dvmU_20LIYcuNn9Tw3XFeA
---

diff --git a/ChangeLog b/ChangeLog
index 8c722fb6c..8f880f4ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@
 * [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
 * [Bug 2757] Quiet compiler warnings.
 * [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
+* [Bug 2766] ntp-keygen output files should not be world-readable.
 ---
 (4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c
index c16902161..7eb15abee 100644
--- a/util/ntp-keygen.c
+++ b/util/ntp-keygen.c
@@ -2170,10 +2170,14 @@ fheader	(
 	FILE	*str;		/* file handle */
 	char	linkname[MAXFILENAME]; /* link name */
 	int	temp;
+        mode_t  orig_umask;
 
 	snprintf(filename, sizeof(filename), "ntpkey_%s_%s.%u", file,
 	    owner, fstamp); 
-	if ((str = fopen(filename, "w")) == NULL) {
+        orig_umask = umask( S_IWGRP | S_IRWXO );
+        str = fopen(filename, "w");
+        (void) umask(orig_umask);
+	if (str == NULL) {
 		perror("Write");
 		exit (-1);
 	}