From d3dcc7da64d28d3de6c876c401141420538a9796 Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Thu, 3 Jan 2013 15:20:22 -0800
Subject: [PATCH] Set a safe umask before creating temporary files

Although glibc's implementation of mkstemp creates temporary files with a safe (i.e. 0600) mode, POSIX does not mandate any particular mode. So to ensure maximum cross-platform safety, we must set a umask of 0077 before calling mkstemp.
---
 util.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util.cpp b/util.cpp
index 64ce77d..ccde427 100644
--- a/util.cpp
+++ b/util.cpp
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -82,11 +83,13 @@ void open_tempfile (std::fstream& file, std::ios_base::openmode mode)
 char* path = new char[tmpdir_len + 18];
 strcpy(path, tmpdir);
 strcpy(path + tmpdir_len, "/git-crypt.XXXXXX");
+ mode_t old_umask = umask(0077);
 int fd = mkstemp(path);
 if (fd == -1) {
 perror("mkstemp");
 std::exit(9);
 }
+ umask(old_umask);
 file.open(path, mode);
 if (!file.is_open()) {
 perror("open");
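Review bot: `umask(old_umask);` runs before `file.open(path, mode);`, so the 0077 mask covers only the `mkstemp` call and not the reopen by pathname that follows it. If `mode` lets `std::fstream` create the file and the path no longer names the file `mkstemp` made (which presumably requires a temporary directory where other users can unlink entries; nothing in the hunk shows how `tmpdir` is vetted), the replacement would be created under the caller's original umask. Moving the restore to after the `is_open()` check would close that gap, and a comment such as `// POSIX does not fix mkstemp's file mode; force 0600 via umask` above the `umask(0077)` line would keep the rationale next to the code. Since umask is process-wide, the change also appears to assume no other thread creates files in this window; the body of open_tempfile starts and ends outside the hunk, so what happens to `fd` afterwards cannot be checked here.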