[issue18747] Re-seed OpenSSL's PRNG after fork

Christian Heimes report at bugs.python.org
Wed Aug 21 18:22:22 CEST 2013


Christian Heimes added the comment:

Oh heck, signal, threads and fork really don't mix. :(
Under which condition can a non-async safe function cause trouble? Is it just fork() inside a signal handler or can an incoming signal during fork() also cause havoc?

The OpenSSL PRNG is only buggy when used in a forking application where the master process initializes the PRNG but never uses it. All child processes inherit the same state. OpenSSL tries to work around the problem by feeding the PID into the PRNG state. But as soon as PIDs get recycled, subsequent child processes get the same random numbers.

Antoine's proposal works, too, because it perturbs the master's PRNG state regularly.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18747>
_______________________________________
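
The failure mode described in the message above, as an added example that is not part of the original post and is not OpenSSL or CPython code. `ToyPRNG`, `spawn_children` and the PID values are constructed for illustration, and fork() is modelled with a deep copy of the master's generator. It shows that mixing in the PID alone repeats output once a PID is recycled, while re-seeding in the child or perturbing the master's state does not.

```python
import copy
import hashlib
import os


class ToyPRNG:
    """Toy hash-based generator: a model for this example, not OpenSSL's algorithm."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(seed).digest()

    def add(self, data: bytes) -> None:
        # Mix extra input into the state.
        self.state = hashlib.sha256(self.state + data).digest()

    def random_bytes(self, n: int, pid: int) -> bytes:
        # The PID of the calling process is mixed in before output is produced,
        # modelling the workaround described in the message.
        self.add(pid.to_bytes(4, "big"))
        out, counter = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.state + counter.to_bytes(4, "big")).digest()
            counter += 1
        self.add(b"advance")  # move the state on so the next call differs
        return out[:n]


def spawn_children(master, pids, reseed_child=False, perturb_master=False):
    """Return the first 16 bytes each simulated child draws from its inherited PRNG."""
    outputs = []
    for pid in pids:
        if perturb_master:
            master.add(os.urandom(16))      # master state changes between forks
        child = copy.deepcopy(master)       # fork(): child inherits the master's state
        if reseed_child:
            child.add(os.urandom(32))       # re-seed after fork with fresh entropy
        outputs.append(child.random_bytes(16, pid))
    return outputs


if __name__ == "__main__":
    pids = [1001, 1002, 1001]               # constructed: third child reuses PID 1001
    for label, kwargs in [("pid only", {}),
                          ("reseed in child", {"reseed_child": True}),
                          ("perturb master", {"perturb_master": True})]:
        out = spawn_children(ToyPRNG(b"initialised once in master"), pids, **kwargs)
        print(f"{label:16} repeat on recycled PID: {out[0] == out[2]}")
```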

