From 0aa10cafb34f36da9f52b4c382e28e2679224149 Mon Sep 17 00:00:00 2001
From: "R. Steve McKown" <rsmckown@gmail.com>
Date: Mon, 1 Oct 2012 11:41:22 -0600
Subject: [PATCH] Set umask when runnning repository commands

Repository file permissions should only allow write to the owner, read
to the owner's group, and no access for anyone else.
---
 repo_shell.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/repo_shell.c b/repo_shell.c
index 7d34e57..e4918b3 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -18,6 +18,8 @@
 #define SHELL "/bin/bash"
 #define GIT_ACL_FILE ".gitacls"
 
+enum { REPO_UMASK = 027 };
+
 typedef struct {
   char *user;
   char *svn_root;
@@ -94,6 +96,7 @@ static int do_git_cmd(const char *cmd, char *arg, char *user)
     die("bad command");
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   if (!git_check_access(cmd, arg, user))
     die("insufficient ACL permissions");
 
@@ -116,6 +119,7 @@ static int do_svnserve_cmd(const char *cmd, char *arg, char *user)
   int ret;
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
 }
 
-- 
2.39.2