From: Christian Kastner <ckk@kvr.at>
Date: Fri, 25 Dec 2015 12:33:24 +0100
Subject: Set umask while editing crontab

When editing/replacing a crontab, set the umask to 077.

Forwarded: no
Last-Update: 2015-12-25
Index: cron/crontab.c
===================================================================
--- cron.orig/crontab.c
+++ cron/crontab.c
@@ -317,6 +317,7 @@ edit_cmd() {
 	time_t		mtime;
 	WAIT_T		waiter;
 	PID_T		pid, xpid;
+	mode_t		um;
 
 	log_it(RealUser, Pid, "BEGIN EDIT", User);
 	(void) snprintf(n, MAX_FNAME, CRON_TAB(User));
@@ -333,6 +334,7 @@ edit_cmd() {
 		}
 	}
 
+	um = umask(077);
 	(void) snprintf(Filename, sizeof(Filename)-1, "/tmp/crontab.XXXXXX");
 	Filename[sizeof(Filename)-1] = '\0';
 	if (-1 == (t = mkstemp(Filename))) {
@@ -347,6 +349,8 @@ edit_cmd() {
 		perror("fchown");
 		goto fatal;
 	}
+
+	(void) umask(um);
 	if (!(NewCrontab = fdopen(t, "r+"))) {
 		perror("fdopen");
 		goto fatal;
@@ -530,6 +534,7 @@ replace_cmd() {
 	entry	*e;
 	time_t	now = time(NULL);
 	char	**envp = env_init();
+	mode_t	um;
 
 	if (envp == NULL) {
 		fprintf(stderr, "%s: Cannot allocate memory.\n", ProgramName);
@@ -547,6 +552,7 @@ replace_cmd() {
 	signal(SIGTSTP, SIG_IGN);
 
 	(void) snprintf(tn, MAX_FNAME, CRON_TAB("tmp.XXXXXX"));
+	um = umask(077);
 	fd = mkstemp(tn);
 	if (fd < 0) {
 		fprintf(stderr, "%s/: mkstemp: %s\n", CRONDIR, strerror(errno));
@@ -557,6 +563,7 @@ replace_cmd() {
 		fprintf(stderr, "%s/: fdopen: %s\n", CRONDIR, strerror(errno));
 		return (-2);
 	}
+	(void) umask(um);
 
 	/* write a signature at the top of the file.
 	 *