From 711e38f8ed0a78cbe86f57d7a59d31eebb7d67c3 Mon Sep 17 00:00:00 2001
From: Joerg Wunsch
Date: Fri, 26 Apr 1996 21:33:18 +0000
Subject: [PATCH] /etc/skeykeys was basically suffering from the same vulnerability as any non-shadowed /etc/passwd. Ironically, all programs using S/Key have already been setuid root except keyinfo(1). This modification creates /etc/skeykeys with mode 0600 to prevent it from being examined by ordinary users.
---
 lib/libskey/skeylogin.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index 229fc619198..ee9c277d3be 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -103,11 +103,13 @@ char *name;
 long recstart;
 char *cp, *p;
 struct stat statbuf;
+ mode_t oldmask;
 /* See if the _PATH_SKEYFILE exists, and create it if not */
 if(stat(_PATH_SKEYFILE,&statbuf) == -1 && errno == ENOENT){
+ oldmask = umask(S_IRWXG|S_IRWXO);
 mp->keyfile = fopen(_PATH_SKEYFILE,"w+");
- (void) chmod(_PATH_SKEYFILE, 0644);
+ (void)umask(oldmask);
 } else {
 /* Otherwise open normally for update */
 mp->keyfile = fopen(_PATH_SKEYFILE,"r+");
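Review bot: A key file that already exists keeps the mode it was created with, because the umask bracket only covers the create branch and the `else` branch still opens `_PATH_SKEYFILE` with `"r+"` and nothing else; systems that ran the previous code were explicitly set to 0644 by the removed `chmod` and stay world-readable after this change. Tightening the existing-file path as well, for example `if (mp->keyfile != NULL) (void)fchmod(fileno(mp->keyfile), S_IRUSR|S_IWUSR);` after the open, would cover callers running as root and fail harmlessly for others; failing that, the upgrade notes should tell administrators to fix the mode by hand. Since `umask()` is process-wide state, a short comment above the bracket such as `/* key file must not be world-readable; create it 0600 */` would explain why a library routine changes it. The enclosing function starts and ends outside the hunk.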