From fce253253a13f8aa010429443708043ea6d9d361 Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@banu.com>
Date: Sun, 24 Aug 2008 11:27:38 +0530
Subject: Set umask before mkstemp() for some versions of glibc

---
 src/daemon.c    | 2 +-
 src/tinyproxy.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/daemon.c b/src/daemon.c
index 4d4aedc..f0b0aba 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -42,7 +42,7 @@ makedaemon(void)
                 exit(0);
 
         chdir("/");
-        umask(077);
+        umask(0177);
 
 #if NDEBUG
         /*
diff --git a/src/tinyproxy.c b/src/tinyproxy.c
index 88bc9d3..f3bf169 100644
--- a/src/tinyproxy.c
+++ b/src/tinyproxy.c
@@ -188,6 +188,11 @@ main(int argc, char **argv)
         }
 #endif                          /* HAVE_SETRLIMIT */
 
+        /* Only allow u+rw bits. This may be required for some versions
+         * of glibc so that mkstemp() doesn't make us vulnerable.
+         */
+        umask(0177);
+
         /* Default configuration file location */
         config.config_file = DEFAULT_CONF_FILE;
 
-- 
cgit v1.2.3