From 61cc9a713bf90c059ffcdc61123a0339d19ae773 Mon Sep 17 00:00:00 2001
From: Keith Bostic <bostic@ucbvax.Berkeley.EDU>
Date: Sat, 16 Apr 1994 15:00:14 -0800
Subject: [PATCH] If pwd_mkdb is invoked with a umask of, say 077, /etc/passwd
 will end up being unreadable. From: "Chris G. Demetriou"
 <cgd@sun-lamp.cs.berkeley.edu>

SCCS-vsn: usr.sbin/pwd_mkdb/pwd_mkdb.c 8.4
---
 usr/src/usr.sbin/pwd_mkdb/pwd_mkdb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/usr/src/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr/src/usr.sbin/pwd_mkdb/pwd_mkdb.c
index fa4d2543d0..bd95f54808 100644
--- a/usr/src/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr/src/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -12,7 +12,7 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)pwd_mkdb.c	8.3 (Berkeley) %G%";
+static char sccsid[] = "@(#)pwd_mkdb.c	8.4 (Berkeley) %G%";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -116,13 +116,15 @@ main(argc, argv)
 	 * Open file for old password file.  Minor trickiness -- don't want to
 	 * chance the file already existing, since someone (stupidly) might
 	 * still be using this for permission checking.  So, open it first and
-	 * fdopen the resulting fd.  Don't really care who reads it.
+	 * fdopen the resulting fd.  The resulting file should be readable by
+	 * everyone, don't trust the user's umask.
 	 */
 	if (makeold) {
 		(void)snprintf(buf, sizeof(buf), "%s.orig", pname);
 		if ((tfd = open(buf,
 		    O_WRONLY|O_CREAT|O_EXCL, PERM_INSECURE)) < 0)
 			error(buf);
+		(void)fchmod(tfd, PERM_INSECURE);
 		if ((oldfp = fdopen(tfd, "w")) == NULL)
 			error(buf);
 		clean = FILE_ORIG;
-- 
2.20.1