Noah Misch <n...@leadboat.com> writes: > On Sat, Dec 22, 2012 at 02:20:56PM -0500, Tom Lane wrote: >> I believe that we'd be better off doing something in postmaster.c to >> positively ensure that each session has a distinct seed value. Notice >> that BackendRun() already takes measures to ensure that's the case for >> the regular libc random() function; it seems like a reasonable extension >> to also worry about OpenSSL's PRNG.
>> #ifdef USE_SSL >> if (EnableSSL) >> { >> struct timeval tv; >> >> gettimeofday(&tv, NULL); >> RAND_add(&tv, sizeof(tv), 0); >> } >> #endif > Take the caution one step further and make it independent of EnableSSL. In a > stock installation, a !EnableSSL postmaster will never seed its PRNG, and > there's no vulnerability. Add a shared_preload_libraries module that uses the > OpenSSL PRNG in its _PG_init(), and suddenly you're vulnerable again. Meh. In a postmaster that wasn't built with SSL support at all, such a module is still dangerous (and I'm not convinced anybody would build such a module anyway). I think we should confine our ambitions to preventing security issues caused by our own code. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers