diff --git a/loginrec.c b/loginrec.c
index f084566ee88a2e4cb31d5d4f8ac94d8c771a7a0e..14b8090f7443694bad4ede9d7bae6a3343c34037 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -1334,7 +1334,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 			return 0;
 	}
 
-	*fd = open(lastlog_file, filemode);
+	*fd = open(lastlog_file, filemode, 0600);
 	if ( *fd < 0) {
 		dropbear_log(LOG_INFO, "lastlog_openseek: Couldn't open %s: %s",
 		    lastlog_file, strerror(errno));