[786] in Kerberos_V5_Development
new file permissions
jfc@ATHENA.MIT.EDU (jfc@ATHENA.MIT.EDU)
Thu Nov 21 12:55:39 1991
A problem with using the C stdio package for kerberos is that stdio
doesn't allow the program to specify the mode for creating a file.
Options:
1. All kerberos files are mode (666 - umask). This is a security
problem.
2. fchmod(fileno(newfile))
This has a race condition.
3. Temporarily set umask = 066 during certain file ops.
4. Require that kerberos programs set a safe umask before
calling any library functions that write files.
I think 3 is probably best, so programs don't need to worry about
implementation details.
