From 9eb630a3834fe9f97ac7e7ffa520b1986c8747a6 Mon Sep 17 00:00:00 2001
From: Klas Lindfors <klas@yubico.com>
Date: Fri, 3 Jun 2016 09:08:22 +0200
Subject: [PATCH] use umask instead of chmod to set file permissions

---
 ykpamcfg.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/ykpamcfg.c b/ykpamcfg.c
index bc8be1e..9e50dbd 100644
--- a/ykpamcfg.c
+++ b/ykpamcfg.c
@@ -236,6 +236,8 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
   memcpy (state.response, buf, response_len);
   state.response_len = response_len;
 
+  umask(077);
+
   f = fopen (fn, "w");
   if (! f) {
     fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno));
@@ -245,11 +247,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
   if (! write_chalresp_state (f, &state))
     goto out;
 
-  if (! chmod (fn, S_IRUSR | S_IWUSR)) {
-    fprintf (stderr, "Failed setting permissions on new challenge file %s.\n", fn);
-    goto out;
-  }
-
   printf ("Stored initial challenge and expected response in '%s'.\n", fn);
 
   *exit_code = 0;