repl: create history file with mode 0600

Test code mostly written by Trott
nodejs#3392 (comment).

Author: XeCycle

lib/internal/repl.js

@@ -93,7 +93,10 @@ function setupHistory(repl, historyPath, oldHistoryPath, ready) {
   var writing = false;
   var pending = false;
   repl.pause();
-  fs.open(historyPath, 'a+', oninit);
+  // History files are conventionally not readable by others:
+  // https://github.com/nodejs/node/issues/3392
+  // https://github.com/nodejs/node/pull/3394
+  fs.open(historyPath, 'a+', 0o0600, oninit);
 
   function oninit(err, hnd) {
     if (err) {

test/parallel/test-repl-history-perm.js

@@ -0,0 +1,53 @@
+'use strict';
+// Flags: --expose_internals
+
+const common = require('../common');
+
+if (common.isWindows) {
+  console.log('1..0 # Skipped: Win32 uses ACLs for file permissions, ' +
+              'modes are always 0666 and says nothing about group/other ' +
+              'read access.');
+  return;
+}
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const repl = require('internal/repl');
+const Duplex = require('stream').Duplex;
+// Invoking the REPL should create a repl history file at the specified path
+// and mode 600.
+
+var stream = new Duplex();
+stream.pause = stream.resume = function() {};
+// ends immediately
+stream._read = function() {
+  this.push(null);
+};
+stream._write = function(c, e, cb) {
+  cb();
+};
+stream.readable = stream.writable = true;
+
+common.refreshTmpDir();
+const replHistoryPath = path.join(common.tmpDir, '.node_repl_history');
+
+const checkResults = common.mustCall(function(err, r) {
+  if (err)
+    throw err;
+  r.input.end();
+  const stat = fs.statSync(replHistoryPath);
+  assert.strictEqual(
+    stat.mode & 0o777, 0o600,
+    'REPL history file should be mode 0600');
+});
+
+repl.createInternalRepl(
+  {NODE_REPL_HISTORY: replHistoryPath},
+  {
+    terminal: true,
+    input: stream,
+    output: stream
+  },
+  checkResults
+);