From owner-cvs-all  Mon Feb  4 19: 4:37 2002
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-47.dsl.lsan03.pacbell.net [64.165.226.47])
	by hub.freebsd.org (Postfix) with ESMTP
	id 000C437B420; Mon,  4 Feb 2002 19:04:31 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 6B85366D8B; Mon,  4 Feb 2002 19:04:31 -0800 (PST)
Date: Mon, 4 Feb 2002 19:04:31 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Stephen McKay <mckay@thehub.com.au>
Cc: Ian Dowse <iedowse@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/ctm/ctm_rmail ctm_rmail.c
Message-ID: <20020204190431.A36742@xor.obsecurity.org>
References: <200201222254.g0MMsqg19740@freefall.freebsd.org> <200202041157.g14BvhC06852@dungeon.home>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200202041157.g14BvhC06852@dungeon.home>; from mckay@thehub.com.au on Mon, Feb 04, 2002 at 09:57:43PM +1000
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 04, 2002 at 09:57:43PM +1000, Stephen McKay wrote:
> On Tuesday, 22nd January 2002, Ian Dowse wrote:
>=20
> >iedowse     2002/01/22 14:54:52 PST
> >
> >  Modified files:
> >    usr.sbin/ctm/ctm_rmail ctm_rmail.c=20
> >  Log:
> >  The mode of files created by ctm_rmail was always 0600, even if the
> >  umask was less restrictive. This was caused by the use of mkstemp()
> >  which internally passes a mode of 0600 to open(). Fix this by
> >  explicitly chmod'ing the files to (0666 & ~umask).
>=20
> This is pretty silly.  The right way to fix this is to revert back to
> using mktemp().  Probably revert the whole 1.14 delta.  I'll put this
> on my TODO list.

As I recall, the former use of mktemp() was insecure, which was the
reason it was changed to use the secure mkstemp().  It should not be
regressed.

Kris

--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8X0u+Wry0BWjoQKURApkLAKCpFJN0zA4OL54favcTWhTCNIhoXACgz1Ih
C7DCQBaz3SM148uP9C+0WRE=
=y1c9
-----END PGP SIGNATURE-----

--XsQoSWH+UP9D9v3l--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message