Set file modes of pinentry socket for extra safety

* lisp/net/pinentry.el: Require 'cl-lib for `cl-letf'.
(pinentry-start): Change the file modes of the socket file to 0700.
This is just for extra safety since the parent directory is already
protected with `server-ensure-safe-dir'.

diff --git a/lisp/net/pinentry.el b/lisp/net/pinentry.el
index 285f86481bc233638385f3d5204dad3442e81746..082a9c8ff898a092ffa39570cd3b7c8aec42fbcf 100644 (file)
--- a/lisp/net/pinentry.el
+++ b/lisp/net/pinentry.el
@@ -49,6 +49,8 @@
 
 ;;; Code:
 
+(eval-when-compile (require 'cl-lib))
+
 (defgroup pinentry nil
   "The Pinentry server"
   :version "25.1"
@@ -172,17 +174,18 @@ will not be shown."
       (ignore-errors
         (let (delete-by-moving-to-trash)
           (delete-file server-file)))
-      (setq pinentry--server-process
-            (make-network-process
-             :name "pinentry"
-             :server t
-             :noquery t
-             :sentinel #'pinentry--process-sentinel
-             :filter #'pinentry--process-filter
-             :coding 'no-conversion
-             :family 'local
-             :service server-file))
-      (process-put pinentry--server-process :server-file server-file))))
+      (cl-letf (((default-file-modes) ?\700))
+        (setq pinentry--server-process
+              (make-network-process
+               :name "pinentry"
+               :server t
+               :noquery t
+               :sentinel #'pinentry--process-sentinel
+               :filter #'pinentry--process-filter
+               :coding 'no-conversion
+               :family 'local
+               :service server-file))
+        (process-put pinentry--server-process :server-file server-file)))))
 
 (defun pinentry-stop ()
   "Stop a Pinentry service."