bin/52480: /bin/ksh HISTFILE created with default mode for directories, not files

[jdbaker%mylinuxisp.com@localhost]

>Number:         52480
>Category:       bin
>Synopsis:       /bin/ksh HISTFILE created with default mode for directories, not files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 10 20:50:00 +0000 2017
>Originator:     John D. Baker
>Release:        NetBSD/amd64-7.1_STABLE (and probably earlier)
>Organization:
>Environment:
NetBSD spike.technoskunk.fur 7.1_STABLE NetBSD 7.1_STABLE (SPIKE) #10: Fri Jul 14 16:58:38 CDT 2017  sysop%yggdrasil.technoskunk.fur@localhost:/r0/build/netbsd-7/obj/amd64/sys/arch/amd64/compile/SPIKE amd64

>Description:
If one sets the HISTFILE variable to define a file from/to which
'/bin/ksh' is to read/save history and the file does not yet exist,
it will be created with mode 777^umask when 'ksh' first saves
command history.

This would appear to be using the default mode used for creating
a directory (777), subject to the user's "umask" value.

No ordinary file should have execute mode by default.  Unless there's
reason for a different value, mode 600 is more appropriate.
>How-To-Repeat:
  $ ls -la $HOME/foo_history
  ls: /home/jdbaker/foo_history: No such file or directory
  $ umask
  002
  $ ksh
  $ HISTFILE=$HOME/foo_history
  $ exit
  $ ls -la $HOME/foo_history
  -rwxrwxr-x  1 jdbaker  jdbaker  10697 Aug 10 15:33 /home/jdbaker/foo_history*
>Fix:
Workaround:

  $ chmod 600 $HISTFILE

after the first time 'ksh' saves history.