diff --git a/Lib/os.py b/Lib/os.py
index 5824609b14d..bf1b0863833 100644
--- a/Lib/os.py
+++ b/Lib/os.py
@@ -715,22 +715,18 @@ except NameError: # statvfs_result may not exist
     pass
 
 if not _exists("urandom"):
-    _urandomfd = None
     def urandom(n):
         """urandom(n) -> str
 
         Return a string of n random bytes suitable for cryptographic use.
 
         """
-        global _urandomfd
-        if _urandomfd is None:
-            try:
-                _urandomfd = open("/dev/urandom", O_RDONLY)
-            except:
-                _urandomfd = NotImplementedError
-        if _urandomfd is NotImplementedError:
+        try:
+            _urandomfd = open("/dev/urandom", O_RDONLY)
+        except:
             raise NotImplementedError("/dev/urandom (or equivalent) not found")
         bytes = ""
         while len(bytes) < n:
             bytes += read(_urandomfd, n - len(bytes))
+        close(_urandomfd)
         return bytes
diff --git a/Misc/NEWS b/Misc/NEWS
index 8d86efde286..bcc696ae975 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -150,6 +150,9 @@ Extension Modules
 Library
 -------
 
+- Bug #1177468: Don't cache the /dev/urandom file descriptor for os.urandom,
+  as this can cause problems with apps closing all file descriptors.
+
 - Bug #839151: Fix an attempt to access sys.argv in the warnings module
   though this can be missing in embedded interpreters