This reverts commit
1fc1558e7ac11102a4bc479a57de76c4f4f42c46.
There are a few issues with this change.
1) verify_tmp_dir is created 0700 *before* mkstemp() is called
So the umask for the temporary file doesn't matter
2) the server is threaded, and umask() is *global* to the process
So there is no "before" mkstemp() and "after" mkstemp().
The Coverity warning is (in this case) a false positive.
while (conf->verify_client_cert_cmd) {
char filename[256];
- mode_t orig_umask;
int fd;
FILE *fp;
snprintf(filename, sizeof(filename), "%s/%s.client.XXXXXXXX",
conf->verify_tmp_dir, progname);
- orig_umask = umask(S_IRWXG | S_IRWXO);
fd = mkstemp(filename);
- umask(orig_umask);
if (fd < 0) {
RDEBUG("Failed creating file in %s: %s",
conf->verify_tmp_dir, fr_syserror(errno));