services: urandom-seed: Set umask to 077 while shutting down.

* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
2016-05-29 11:13:59 -04:00 · 2016-05-29 11:13:59 -04:00 · 8fe5d95e66
parent df2dd07b88
commit 8fe5d95e66
1 changed files with 6 additions and 4 deletions
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@ -460,10 +460,12 @@ stopped before 'kill' is called."
                   (let ((buf (make-bytevector 512)))
                     (call-with-input-file "/dev/urandom"
                       (lambda (urandom)
-                         (get-bytevector-n! urandom buf 0 512)
-                         (call-with-output-file #$%random-seed-file
-                           (lambda (seed)
-                             (put-bytevector seed buf)))
+                         (let ((previous-umask (umask #o077)))
+                           (get-bytevector-n! urandom buf 0 512)
+                           (call-with-output-file #$%random-seed-file
+                             (lambda (seed)
+                               (put-bytevector seed buf)))
+                           (umask previous-umask))
                         #t)))))
         (modules `((rnrs bytevectors)
                    (rnrs io ports)