From e7c0bd20dc01cb14071f06dec52dd93c9cc8dc62 Mon Sep 17 00:00:00 2001
From: mirefly42 <143206683+mirefly42@users.noreply.github.com>
Date: Fri, 2 May 2025 15:54:59 +0700
Subject: [PATCH] Prevent freebsd service from generating a config readable by
 everyone

---
 contrib/freebsd/yggdrasil | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/freebsd/yggdrasil b/contrib/freebsd/yggdrasil
index 58482fc9..10fc0509 100644
--- a/contrib/freebsd/yggdrasil
+++ b/contrib/freebsd/yggdrasil
@@ -33,7 +33,7 @@ yggdrasil_start()
 
 	test ! -f /etc/yggdrasil.conf && (
 		logger -s -t yggdrasil "Generating new configuration file into /etc/yggdrasil.conf"
-		/usr/local/bin/yggdrasil -genconf > /etc/yggdrasil.conf
+		(umask 037 && /usr/local/bin/yggdrasil -genconf > /etc/yggdrasil.conf)
 	)
 
 	tap_path="$(cat /etc/yggdrasil.conf | egrep -o '/dev/tap[0-9]{1,2}$')"