* [PATCH 0/1] Make urandom-seed service behavior less surprising
@ 2016-05-29 15:18 Leo Famulari
2016-05-29 15:18 ` [PATCH 1/1] services: urandom-seed: Set umask to 077 while shutting down Leo Famulari
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2016-05-29 15:18 UTC (permalink / raw)
To: guix-devel
I noticed that if you delete the random seed file, and then recreate it
with `herd stop urandom-seed`, it will have incorrect permissions of
-rw-r--r-- when they should be -rw-------.
Well, don't do that ;)
But if you do, the system should make sure the right thing happens. This
patch does so by setting the umask at what I think is the right point.
Any objections?
Leo Famulari (1):
services: urandom-seed: Set umask to 077 while shutting down.
gnu/services/base.scm | 1 +
1 file changed, 1 insertion(+)
--
2.8.3
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/1] services: urandom-seed: Set umask to 077 while shutting down.
2016-05-29 15:18 [PATCH 0/1] Make urandom-seed service behavior less surprising Leo Famulari
@ 2016-05-29 15:18 ` Leo Famulari
2016-05-30 20:56 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2016-05-29 15:18 UTC (permalink / raw)
To: guix-devel
* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
---
gnu/services/base.scm | 1 +
1 file changed, 1 insertion(+)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f219..8ed40a4 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -461,6 +461,7 @@ stopped before 'kill' is called."
(call-with-input-file "/dev/urandom"
(lambda (urandom)
(get-bytevector-n! urandom buf 0 512)
+ (umask #o077)
(call-with-output-file #$%random-seed-file
(lambda (seed)
(put-bytevector seed buf)))
--
2.8.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] services: urandom-seed: Set umask to 077 while shutting down.
2016-05-29 15:18 ` [PATCH 1/1] services: urandom-seed: Set umask to 077 while shutting down Leo Famulari
@ 2016-05-30 20:56 ` Ludovic Courtès
0 siblings, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2016-05-30 20:56 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> * gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
> ---
> gnu/services/base.scm | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
> index a45f219..8ed40a4 100644
> --- a/gnu/services/base.scm
> +++ b/gnu/services/base.scm
> @@ -461,6 +461,7 @@ stopped before 'kill' is called."
> (call-with-input-file "/dev/urandom"
> (lambda (urandom)
> (get-bytevector-n! urandom buf 0 512)
> + (umask #o077)
> (call-with-output-file #$%random-seed-file
I think it’s safer to restore the umask afterwards, like:
(let ((previous-umask (umask #o077)))
…
(umask previous-umask))
Otherwise LGTM, thanks!
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-05-30 20:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-29 15:18 [PATCH 0/1] Make urandom-seed service behavior less surprising Leo Famulari
2016-05-29 15:18 ` [PATCH 1/1] services: urandom-seed: Set umask to 077 while shutting down Leo Famulari
2016-05-30 20:56 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).