Normally, in the !UseLogin case on a system with login classes, the
umask is set implicitly by the first setusercontext() call in
do_setusercontext() in session.c. However, FreeBSD treats the umask
differently from other login settings: unless running with the target
user's UID, it will only apply the value from /etc/login.conf, not that
from the user's ~/.login.conf. The patch below addresses this (although
not in the most efficient manner, which would be to add LOGIN_SETUMASK
to the LOGIN_SETUSER call). It is harmless on systems (such as OpenBSD)
which have login classes but do not share this particular idiosyncrasy
with FreeBSD.
------------------------------------------------------------------------
r248231 | des | 2013-03-13 10:41:55 +0100 (Wed, 13 Mar 2013) | 8 lines
Changed paths:
M /head/crypto/openssh/session.c
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.
PR: bin/176740
Submitted by: John Marshall <john.marshall at riverwillow.com.au>
MFC after: 1 week
Index: session.c
==================================================================--- session.c
(revision 248230)
+++ session.c (revision 248231)
@@ -1533,6 +1533,12 @@
perror("unable to set user context (setuser)");
exit(1);
}
+
+ /*
+ * FreeBSD's setusercontext() will not apply the user's
+ * own umask setting unless running with the user's UID.
+ */
+ setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
#else
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
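Review bot: the added setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK) call discards its return value, whereas the setuser failure path in the context lines just above it calls perror() and exit(1). If this second call fails, the session continues with whatever umask was already in effect, so a user's stricter ~/.login.conf umask could be dropped without any trace. Consider checking the result and either failing the same way as the preceding call or logging it, and the new comment could say that the call is deliberately repeated after the UID change so a later cleanup does not remove it as redundant.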
------------------------------------------------------------------------
DES
--
Dag-Erling Smørgrav - des at des.no