From 13e2b6689d7729cf201e4f2ac43278f11c811bc8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 7 Apr 2016 16:15:26 +0200
Subject: [PATCH] core: be more paranoid when mixing umask and fopen()

Let's be extra careful with the umask when we use simple fopen(), as this
creates files with 0777 by default.
---
 src/basic/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/basic/util.c b/src/basic/util.c
index 8f2317f28..b049a4485 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -55,6 +55,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "time-util.h"
+#include "umask-util.h"
 #include "user-util.h"
 #include "util.h"
 
@@ -784,7 +785,8 @@ int update_reboot_param_file(const char *param) {
         int r = 0;
 
         if (param) {
-                r = write_string_file(REBOOT_PARAM_FILE, param, WRITE_STRING_FILE_CREATE);
+                RUN_WITH_UMASK(0022)
+                        r = write_string_file(REBOOT_PARAM_FILE, param, WRITE_STRING_FILE_CREATE);
                 if (r < 0)
                         return log_error_errno(r, "Failed to write reboot param to "REBOOT_PARAM_FILE": %m");
         } else
-- 
2.30.2