[issue18747] Re-seed OpenSSL's PRNG after fork
Antoine Pitrou
report at bugs.python.org
Wed Aug 21 15:23:43 CEST 2013
Antoine Pitrou added the comment:
> Do you have a proposal for a better way to fix the issue? I don't
> think that we can hope for a fix from OpenSSL.
Instead of reseeding in the child, you can perturb the state in the parent
after fork. As far as I understand, only the "child" callback in
pthread_atfork() needs to be async-signal-safe:
"It is suggested that programs that use fork() call an exec function
very soon afterwards in the child process, thus resetting all states.
In the meantime, only a short list of async-signal-safe library
routines are promised to be available."
http://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_atfork.html
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18747>
_______________________________________
More information about the Python-bugs-list
mailing list