[issue18747] Re-seed OpenSSL's PRNG after fork
Charles-François Natali
report at bugs.python.org
Sat Aug 17 20:30:20 CEST 2013
Charles-François Natali added the comment:
2013/8/17 Christian Heimes <report at bugs.python.org>:
> Here is a patch that is based on Apache's mod_ssl code. mod_ssl perturbs the PRNG state more often but I think that's overkill for Python.
>
> The new patch only affects the PRNG state of the child process. In my opinion it is the better way to solve this issue. The RAND API does some internal locking. Bad things might happen if one thread of a process calls fork() while another is in the middle of a locked RAND operation.
Ouch, this would mean making the interpreter prone to deadlock/crash
(since the atfork hook is not async-signal safe) :-\
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18747>
_______________________________________
More information about the Python-bugs-list
mailing list