[Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
Victor Stinner
victor.stinner at gmail.com
Thu Oct 24 13:36:23 CEST 2013
2013/10/24 Christian Heimes <christian at python.org>:
> There seems to be a problem with the security fix "Re-seed OpenSSL's
> PRNG after fork":
>
> http://bugs.python.org/issue18747
> http://bugs.python.org/issue19227
Yes, Charles Francois warned us that adding a pthread_atfork() hook to
add entropy may add a deadlock. Such change should *not* be added to
stable releases, even if it is supposed to improve the security.
> Perhaps it's best to disable the pthread_atfork() handler for the
> upcoming releases and replace it with security note in the ssl module,
> os.fork() and release notes.
IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes()
function of OpenSSL can detect a fork using getpid() and add more
entropy (in the child or maybe in the parent process). OpenSSL has
access to entropy sources and knows all mutexes, whereas Python can
only guess the list of mutexes (there are probably many more private
mutexes). OpenSSL may use pthread_atfork() internally.
http://www.openwall.com/lists/oss-security/2013/04/12/3
"I believe it is wrong to fix this in PostgreSQL. Rather, this is a
bug in the OpenSSL fork protection code. It should either install a
fork hook, or reseed the PRNG from /dev/urandom if a PID change is
detected."
I wrote a patch for OpenSSL long time ago (when working on my Hasard
project, PRNG library), but I don't remember if I proposed it
upstream:
https://bitbucket.org/haypo/hasard/src/tip/patches/openssl_rand_fork.patch
> <big_friendy_letters>
> If you are using fork() and the ssl module in the same application then
> you must re-seed the PRNG with ssl.RAND_add() every now and then.
> </big_friendy_letters>
You should explain that the issue only occurs if you fork more than
2^16 times and two child processes get the same pid. I wouldn't say
that it is unlikely, but just that there is no reason to scare users
if they are not vulnerable.
The issue can occur if a process spawn a lot of processes.
Reminder: you are supposed to only call exec() after fork(), nothing
else :-) (Only signal-safe functions are officially supported between
exec() and fork()).
Victor
More information about the Python-Dev
mailing list