[patch] Incorrect umask in FreeBSD

Dag-Erling Smørgrav des at des.no
Wed Mar 13 20:51:15 EST 2013

Normally, in the !UseLogin case on a system with login classes, the
umask is set implicitly by the first setusercontext() call in
do_setusercontext() in session.c.  However, FreeBSD treats the umask
differently from other login settings: unless running with the target
user's UID, it will only apply the value from /etc/login.conf, not that
from the user's ~/.login.conf.  The patch below addresses this (although
not in the most efficient manner, which would be to add LOGIN_SETUMASK
to the LOGIN_SETUSER call).  It is harmless on systems (such as OpenBSD)
which have login classes but do not share this particular idiosyncrasy
with FreeBSD.

r248231 | des | 2013-03-13 10:41:55 +0100 (Wed, 13 Mar 2013) | 8 lines
Changed paths:
   M /head/crypto/openssh/session.c

Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR:		bin/176740
Submitted by:	John Marshall <john.marshall at riverwillow.com.au>
MFC after:	1 week

Index: session.c
--- session.c	(revision 248230)
+++ session.c	(revision 248231)
@@ -1533,6 +1533,12 @@
 			perror("unable to set user context (setuser)");
+		/*
+		 * FreeBSD's setusercontext() will not apply the user's
+		 * own umask setting unless running with the user's UID.
+		 */
+		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 		/* Permanently switch to the desired uid. */
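Review bot: the return value of the added setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK) call is discarded, while the setuser call just above it reports failure with perror("unable to set user context (setuser)"). If the new call fails, the session carries on silently with whatever umask the earlier call left in place, and nothing in the log shows that the user's ~/.login.conf value was not applied. Consider testing for a negative return and reporting it in the same style as the call above, even if the failure is not treated as fatal. A smaller point on the comment: because the new call sits above "Permanently switch to the desired uid", a reader can take it to run before the UID changes, so the comment could say that the preceding setuser call has already switched to the user's UID, which is what the commit message relies on.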


Dag-Erling Smørgrav - des at des.no
