[1/1] services: urandom-seed: Set umask to 077 while shutting down.

Message ID 0de3fd1e02890401dcd91f6804c097ca5ef549fb.1464534882.git.leo@famulari.name
State New

Commit Message

Leo Famulari May 29, 2016, 3:18 p.m. UTC
* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
---
 gnu/services/base.scm | 1 +
 1 file changed, 1 insertion(+)

Comments

Ludovic Courtès May 30, 2016, 8:56 p.m. UTC | #1
Leo Famulari <leo@famulari.name> writes:

> * gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
> ---
>  gnu/services/base.scm | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
> index a45f219..8ed40a4 100644
> --- a/gnu/services/base.scm
> +++ b/gnu/services/base.scm
> @@ -461,6 +461,7 @@ stopped before 'kill' is called."
>                       (call-with-input-file "/dev/urandom"
>                         (lambda (urandom)
>                           (get-bytevector-n! urandom buf 0 512)
> +                         (umask #o077)
>                           (call-with-output-file #$%random-seed-file

I think it’s safer to restore the umask afterwards, like:

  (let ((previous-umask (umask #o077)))
    …
    (umask previous-umask))

Otherwise LGTM, thanks!

Ludo’.

Patch

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f219..8ed40a4 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -461,6 +461,7 @@  stopped before 'kill' is called."
                      (call-with-input-file "/dev/urandom"
                        (lambda (urandom)
                          (get-bytevector-n! urandom buf 0 512)
+                         (umask #o077)
                          (call-with-output-file #$%random-seed-file
                            (lambda (seed)
                              (put-bytevector seed buf)))
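
Review bot: the `(umask #o077)` added just before `call-with-output-file` is never undone, and the patch's single inserted line means nothing restores it after `put-bytevector`, so the restrictive mask stays in force for everything this process creates after the seed is written. Capture the return value, as in `(let ((previous-umask (umask #o077))) …)`, and call `(umask previous-umask)` once the file is closed, preferably from a `dynamic-wind` exit thunk so the mask is also restored when the write raises. Note too that a umask only applies when a file is created: if `#$%random-seed-file` already exists with wider permissions, opening it for output leaves its mode unchanged, so an explicit `(chmod #$%random-seed-file #o600)` after the write would be needed to tighten a seed file left by an earlier shutdown.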