Revise umask in /etc/init.d/functions to use 027

As part of our configuration standard, we restrict user accounts to a 027 umask (by way of /etc/profile.d). Daemons and boot-time processes that source /etc/init.d/functions, however, get a more permissive umask of 022.

NIST recommends setting the daemon umask to 027 (REHL5: http://nvd.nist.gov/scap/content/stylesheet/scap-rhel5-document.htm).

I would like to see the more restrictive umask used by default.

Failing that, I would like to see a way (via /etc/sysconfig ?) to allow the administrator to define the system umask without having to edit /etc/init.d/functions.  That file (correctly) is not identified by RPM as a configuration file, so any local changes to that file will get clobbered the next time the initscripts package is updated.