* movemail.c: Don't grant more read permissions than necessary.

The old 0333 dates back to before we called setuid,
so it was needed back then to ensure user-readability,
but 0377 should suffice now.

diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog
index 9900f385ce9452886cd82cf732ee51b85a5960f3..67c17cde8cb2445a3c250a64228d18cb03d47d0c 100644 (file)
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@@ -2,6 +2,10 @@
 
        * movemail.c (main): Call umask on all systems.
        This is OK since Emacs already assumes umask elsewhere.
+       Don't grant more read permissions than necessary.
+       The old 0333 dates back to before we called setuid,
+       so it was needed back then to ensure user-readability,
+       but 0377 should suffice now.
 
 2013-02-08  Paul Eggert  <eggert@cs.ucla.edu>
 

diff --git a/lib-src/movemail.c b/lib-src/movemail.c
index 386e28de7111031531e6c9347852e1805b2c7f36..190937d762bd575ed75f3af39af13cce85e49890 100644 (file)
--- a/lib-src/movemail.c
+++ b/lib-src/movemail.c
@@ -380,9 +380,9 @@ main (int argc, char **argv)
       if (indesc < 0)
        pfatal_with_name (inname);
 
-      /* In case movemail is setuid to root, make sure the user can
-        read the output file.  */
-      umask (umask (0) & 0333);
+      /* Make sure the user can read the output file.  */
+      umask (umask (0) & 0377);
+
       outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666);
       if (outdesc < 0)
        pfatal_with_name (outname);