From 8fe5d95e6653a8ca2f40048b71bb596c80bb264f Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 29 May 2016 11:13:59 -0400
Subject: [PATCH] services: urandom-seed: Set umask to 077 while shutting down.

* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
---
 gnu/services/base.scm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f2196437..b8e47417395 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -460,10 +460,12 @@ (define (urandom-seed-shepherd-service _)
                    (let ((buf (make-bytevector 512)))
                      (call-with-input-file "/dev/urandom"
                        (lambda (urandom)
-                         (get-bytevector-n! urandom buf 0 512)
-                         (call-with-output-file #$%random-seed-file
-                           (lambda (seed)
-                             (put-bytevector seed buf)))
+                         (let ((previous-umask (umask #o077)))
+                           (get-bytevector-n! urandom buf 0 512)
+                           (call-with-output-file #$%random-seed-file
+                             (lambda (seed)
+                               (put-bytevector seed buf)))
+                           (umask previous-umask))
                          #t)))))
          (modules `((rnrs bytevectors)
                     (rnrs io ports)
-- 
GitLab