From 9e3edd30c34a2b6bfa031f301e9660ca8665462e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 12 Mar 2013 18:05:40 -0700 Subject: [PATCH] * movemail.c: Don't grant more read permissions than necessary. The old 0333 dates back to before we called setuid, so it was needed back then to ensure user-readability, but 0377 should suffice now. --- lib-src/ChangeLog | 4 ++++ lib-src/movemail.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog index 9900f385ce9..67c17cde8cb 100644 --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog @@ -2,6 +2,10 @@ * movemail.c (main): Call umask on all systems. This is OK since Emacs already assumes umask elsewhere. + Don't grant more read permissions than necessary. + The old 0333 dates back to before we called setuid, + so it was needed back then to ensure user-readability, + but 0377 should suffice now. 2013-02-08 Paul Eggert diff --git a/lib-src/movemail.c b/lib-src/movemail.c index 386e28de711..190937d762b 100644 --- a/lib-src/movemail.c +++ b/lib-src/movemail.c @@ -380,9 +380,9 @@ main (int argc, char **argv) if (indesc < 0) pfatal_with_name (inname); - /* In case movemail is setuid to root, make sure the user can - read the output file. */ - umask (umask (0) & 0333); + /* Make sure the user can read the output file. */ + umask (umask (0) & 0377); + outdesc = open (outname, O_WRONLY | O_CREAT | O_EXCL, 0666); if (outdesc < 0) pfatal_with_name (outname); -- 2.39.2