From 9b5e94cef92cab8413389baa17c91b2295bfdb0b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sun, 26 Oct 2008 21:13:03 +0000
Subject: [PATCH] When setting the umask, use the union of the user's umask and
 the default value set in sudoers so that we never lower the user's umask when
 running a command.

---
 sudo.c      | 13 ++++++++++---
 sudoers.pod |  7 ++++++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/sudo.c b/sudo.c
index 7e6f18f28..6b91d941e 100644
--- a/sudo.c
+++ b/sudo.c
@@ -456,9 +456,16 @@ main(argc, argv, envp)
 	    sudo_mode == MODE_LIST)
 	    exit(rc);
 
-	/* Override user's umask if configured to do so. */
-	if (def_umask != 0777)
-	    (void) umask(def_umask);
+	/*
+	 * Override user's umask if configured to do so.
+	 * If user's umask is more restrictive, OR in those bits too.
+	 */
+	if (def_umask != 0777) {
+	    mode_t mask = umask(def_umask);
+	    mask |= def_umask;
+	    if (mask != def_umask)
+		umask(mask);
+	}
 
 	/* Restore coredumpsize resource limit. */
 #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
diff --git a/sudoers.pod b/sudoers.pod
index 671bd2a89..0322001be 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -803,7 +803,12 @@ own timestamps via C<sudo -v> and C<sudo -k> respectively.
 =item umask
 
 Umask to use when running the command.  Negate this option or set
-it to 0777 to preserve the user's umask.  The default is C<@sudo_umask@>.
+it to 0777 to preserve the user's umask.  The actual umask that is
+used will be the union of the user's umask and C<@sudo_umask@>.
+This guarantees that B<sudo> never lowers the umask when running a
+command.  Note on systems that use PAM, the default PAM configuration
+may specify its own umask which will override the value set in
+I<sudoers>.
 
 =back
 
-- 
2.40.0