From 8fe5d95e6653a8ca2f40048b71bb596c80bb264f Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 29 May 2016 11:13:59 -0400 Subject: [PATCH] services: urandom-seed: Set umask to 077 while shutting down. * gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'. --- gnu/services/base.scm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index a45f219643..b8e4741739 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -460,10 +460,12 @@ (define (urandom-seed-shepherd-service _) (let ((buf (make-bytevector 512))) (call-with-input-file "/dev/urandom" (lambda (urandom) - (get-bytevector-n! urandom buf 0 512) - (call-with-output-file #$%random-seed-file - (lambda (seed) - (put-bytevector seed buf))) + (let ((previous-umask (umask #o077))) + (get-bytevector-n! urandom buf 0 512) + (call-with-output-file #$%random-seed-file + (lambda (seed) + (put-bytevector seed buf))) + (umask previous-umask)) #t))))) (modules `((rnrs bytevectors) (rnrs io ports)