2 files changed, 5 insertions, 5 deletions

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 16053f9dc28..e8eb8a93f1f 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhclient.c,v 1.291 2014/02/07 18:42:17 krw Exp $	*/
+/*	$OpenBSD: dhclient.c,v 1.292 2014/02/08 18:12:17 krw Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -563,7 +563,7 @@ main(int argc, char *argv[])
 	imsg_init(unpriv_ibuf, socket_fd[1]);
 
 	if ((fd = open(path_dhclient_db,
-	    O_RDONLY|O_EXLOCK|O_CREAT|O_NOFOLLOW, 0)) == -1)
+	    O_RDONLY|O_EXLOCK|O_CREAT|O_NOFOLLOW, 0640)) == -1)
 		error("can't open and lock %s: %s", path_dhclient_db,
 		    strerror(errno));
 	read_client_leases();
@@ -1733,7 +1733,7 @@ rewrite_option_db(struct client_lease *offered, struct client_lease *effective)
 
 	write_file(path_option_db,
 	    O_WRONLY | O_CREAT | O_TRUNC | O_SYNC | O_EXLOCK | O_NOFOLLOW,
-	    0, 0, 0, db, strlen(db));
+	    S_IRUSR | S_IWUSR | S_IRGRP, 0, 0, db, strlen(db));
 }
 
 char *
diff --git a/usr.sbin/dhcpd/db.c b/usr.sbin/dhcpd/db.c
index b037b2c3f49..664772c6e35 100644
--- a/usr.sbin/dhcpd/db.c
+++ b/usr.sbin/dhcpd/db.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: db.c,v 1.13 2013/04/20 01:18:55 krw Exp $	*/
+/*	$OpenBSD: db.c,v 1.14 2014/02/08 18:12:17 krw Exp $	*/
 
 /*
  * Persistent database management routines for DHCPD.
@@ -181,7 +181,7 @@ db_startup(void)
 	int db_fd;
 
 	/* open lease file. once we dropped privs it has to stay open */
-	db_fd = open(path_dhcpd_db, O_WRONLY|O_CREAT, 0664);
+	db_fd = open(path_dhcpd_db, O_WRONLY|O_CREAT, 0640);
 	if (db_fd == -1)
 		error("Can't create new lease file: %m");
 	if ((db_file = fdopen(db_fd, "w")) == NULL)