From b87d43fdcdb52469afa44c1cc7978c24e4ba0086 Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Thu, 26 Jun 2014 13:22:46 +0200
Subject: [PATCH] Make master key unreadable to others (bug #410)

---
 adminer/include/functions.inc.php | 1 +
 changes.txt                       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 3c4ba743..86246ad8 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -1065,6 +1065,7 @@ function password_file($create) {
 	if ($return || !$create) {
 		return $return;
 	}
+	umask(066);
 	$fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
 	if ($fp) {
 		$return = rand_string();
diff --git a/changes.txt b/changes.txt
index ad042483..bb465bc8 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
 Adminer 4.1.1-dev:
 Fix reading routine column collations
 Unlock session in alter database
+Make master key unreadable to others (bug #410)
 MySQL: Use utf8mb4 if available
 
 Adminer 4.1.0 (released 2014-04-18)