Skip to content

Commit

Permalink
rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd
Browse files Browse the repository at this point in the history
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.

PR:		261298
Reported by:	Martin Waschbusch <[email protected]>

(cherry picked from commit c680643)
  • Loading branch information
cschuber committed Jan 23, 2022
1 parent 15e1d8f commit bb66b7c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions libexec/rc/rc.d/ntpd
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,8 @@ ntpd_fetch_leapfile() {
if ntpd_needfetch_leapfile ; then
for url in $ntp_leapfile_sources ; do
$verbose fetching $url
# Circumvent umask 027 and 077 in login.conf(5)
umask 022
fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break
done
ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile)
Expand Down

0 comments on commit bb66b7c

Please sign in to comment.