We set umask 077 to ensure that the become script is not readable by
other users. Set the mask back to what it was beforehand.
#!/bin/bash
file="${TMPDIR:-/tmp}/$SUDO_USER.became.$USER.$RANDOM.$$"
-( umask 077; echo "unset ENV POSIXLY_CORRECT; set +o posix" > "$file"; cat >> "$file"; echo "/bin/rm -f '$file'" >> "$file" )
+( builtin umask 077; echo "unset ENV POSIXLY_CORRECT; set +o posix" > "$file"; cat >> "$file"; echo "/bin/rm -f '$file'" >> "$file" )
exec </dev/tty env ENV="$file" POSIXLY_CORRECT=1 /bin/bash
# Fall back to the shell.
exec </dev/tty /bin/bash
[ -f "$profile" ] || profile="$BECOME/all"
file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"
-umask 077
+umask=$(builtin umask -p)
+builtin umask 077
if exec 3>"$file" && exec <"$file" && rm "$file"; then
+ builtin $umask
echo >&3 "cd"
echo >&3 "PROFILE_HOME='$HOME'"
if [ -n "$PRINCIPAL" ]; then