secmod: use umask, as fchmod is undefined on sockets

author: Florian Dold <florian@dold.me> 2021-07-27 12:04:52 +0200
committer: Florian Dold <florian@dold.me> 2021-07-27 12:04:52 +0200
commit: 9624d92a65520b982f107ede35c085f9daee5fda (patch)
tree: 593869d30eb733bd71b4a0b20f5cbf27a627ab12 /src/util/taler-exchange-secmod-eddsa.c
parent: 32f3391be100622a79c40fdce7dcec44418da34c (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c
index 8f9964439..ac4bfc61b 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -40,6 +40,7 @@
 #include <sys/eventfd.h>
 #include "taler_error_codes.h"
 #include "taler_signatures.h"
+#include "secmod_common.h"
 
 
 /**
@@ -1633,6 +1634,9 @@ main (int argc,
   };
   int ret;
 
+  /* Restrict permissions for the key files that we create. */
+  (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
   /* force linker to link against libtalerutil; if we do
    not do this, the linker may "optimize" libtalerutil
    away and skip #TALER_OS_init(), which we do need */
author	Florian Dold <florian@dold.me>	2021-07-27 12:04:52 +0200
committer	Florian Dold <florian@dold.me>	2021-07-27 12:04:52 +0200
commit	9624d92a65520b982f107ede35c085f9daee5fda (patch)
tree	593869d30eb733bd71b4a0b20f5cbf27a627ab12 /src/util/taler-exchange-secmod-eddsa.c
parent	32f3391be100622a79c40fdce7dcec44418da34c (diff)