authorLeo Famulari <leo@famulari.name>2016-05-29 11:13:59 -0400
committerLeo Famulari <leo@famulari.name>2016-05-31 00:03:10 -0400
commit8fe5d95e6653a8ca2f40048b71bb596c80bb264f (patch)
treea44778d0e26e752e7b8494c1cea9334a026174d2 /gnu
parentdf2dd07b880432a0205dd399fede6dee5b9af76b (diff)
services: urandom-seed: Set umask to 077 while shutting down.
* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/services/base.scm10
1 files changed, 6 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f219643..b8e4741739 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -460,10 +460,12 @@ stopped before 'kill' is called."
(let ((buf (make-bytevector 512)))
(call-with-input-file "/dev/urandom"
(lambda (urandom)
- (get-bytevector-n! urandom buf 0 512)
- (call-with-output-file #$%random-seed-file
- (lambda (seed)
- (put-bytevector seed buf)))
+ (let ((previous-umask (umask #o077)))
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ (umask previous-umask))
#t)))))
(modules `((rnrs bytevectors)
(rnrs io ports)
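Review bot: The `(umask #o077)` added around `call-with-output-file` only affects the mode of a seed file that gets created by this call. If the file already exists (for example, written by the previous code, which set no umask), it is truncated and rewritten with whatever mode it already had, so an older, more widely readable seed file would presumably stay that way. Setting the mode explicitly closes that gap, e.g. `(chmod seed #o600)` as the first form inside `(lambda (seed) ...)`, before `put-bytevector`. Separately, `(umask previous-umask)` is not reached if the write raises, so the restrictive umask would persist in the calling process; a `dynamic-wind` around the write would restore it on every exit path. The enclosing stop procedure begins and ends outside this hunk, so any handling elsewhere in it is not visible here.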