[PATCH] treewide: reseed RNG in child processes

[PATCH] treewide: reseed RNG in child processes

[Eric Wong]

This prevents name conflicts leading to retries and slowdowns in
temporary file name generation.  No actual data corruption
resulted because all temporary files are opened with O_EXCL
anyways.

This may increase security for IMAP, NNTP, and HTTPS sessions
using TLS, but it's all public data anyways.
---
 lib/PublicInbox/Daemon.pm | 3 +++
 lib/PublicInbox/IPC.pm    | 6 +++++-
 lib/PublicInbox/Watch.pm  | 6 ++++++
 lib/PublicInbox/Xapcmd.pm | 4 +++-
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/PublicInbox/Daemon.pm b/lib/PublicInbox/Daemon.pm
index f5543c85..b5f97d81 100644
--- a/lib/PublicInbox/Daemon.pm
+++ b/lib/PublicInbox/Daemon.pm
@@ -533,10 +533,13 @@ EOF
 		if ($n <= $want) {
 			PublicInbox::DS::block_signals() if !$sigfd;
 			for my $i ($n..$want) {
+				my $seed = rand(0xffffffff);
 				my $pid = fork;
 				if (!defined $pid) {
 					warn "failed to fork worker[$i]: $!\n";
 				} elsif ($pid == 0) {
+					srand($seed);
+					eval { Net::SSLeay::randomize() };
 					$set_user->() if $set_user;
 					return $p0; # run normal work code
 				} else {
diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index dbb87e4e..6efaff38 100644
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -105,8 +105,10 @@ sub ipc_worker_spawn {
 	pipe(my ($r_res, $w_res)) or die "pipe: $!";
 	my $sigset = $oldset // PublicInbox::DS::block_signals();
 	$self->ipc_atfork_prepare;
-	defined(my $pid = fork) or die "fork: $!";
+	my $seed = rand(0xffffffff);
+	my $pid = fork // die "fork: $!";
 	if ($pid == 0) {
+		srand($seed);
 		eval { PublicInbox::DS->Reset };
 		delete @$self{qw(-wq_s1 -wq_workers -wq_ppid)};
 		$w_req = $r_res = undef;
@@ -286,8 +288,10 @@ sub wq_do { # always async
 
 sub _wq_worker_start ($$) {
 	my ($self, $oldset) = @_;
+	my $seed = rand(0xffffffff);
 	my $pid = fork // die "fork: $!";
 	if ($pid == 0) {
+		srand($seed);
 		eval { PublicInbox::DS->Reset };
 		delete @$self{qw(-wq_s1 -wq_workers -wq_ppid)};
 		$SIG{$_} = 'IGNORE' for (qw(PIPE TTOU TTIN));
diff --git a/lib/PublicInbox/Watch.pm b/lib/PublicInbox/Watch.pm
index 9a729140..1de5018d 100644
--- a/lib/PublicInbox/Watch.pm
+++ b/lib/PublicInbox/Watch.pm
@@ -625,8 +625,11 @@ sub imap_idle_fork ($$) {
 	my ($self, $url_intvl) = @_;
 	my ($url, $intvl) = @$url_intvl;
 	pipe(my ($r, $w)) or die "pipe: $!";
+	my $seed = rand(0xffffffff);
 	defined(my $pid = fork) or die "fork: $!";
 	if ($pid == 0) {
+		srand($seed);
+		eval { Net::SSLeay::randomize() };
 		close $r;
 		watch_atfork_child($self);
 		watch_imap_idle_1($self, $url, $intvl);
@@ -704,8 +707,11 @@ sub poll_fetch_fork ($) { # DS::add_timer callback
 	return if $self->{quit};
 	pipe(my ($r, $w)) or die "pipe: $!";
 	my $oldset = watch_atfork_parent($self);
+	my $seed = rand(0xffffffff);
 	my $pid = fork;
 	if (defined($pid) && $pid == 0) {
+		srand($seed);
+		eval { Net::SSLeay::randomize() };
 		close $r;
 		watch_atfork_child($self);
 		if ($urls->[0] =~ m!\Aimaps?://!i) {
diff --git a/lib/PublicInbox/Xapcmd.pm b/lib/PublicInbox/Xapcmd.pm
index 8de516ef..269aa99a 100644
--- a/lib/PublicInbox/Xapcmd.pm
+++ b/lib/PublicInbox/Xapcmd.pm
@@ -89,8 +89,10 @@ sub commit_changes ($$$$) {
 
 sub cb_spawn {
 	my ($cb, $args, $opt) = @_; # $cb = cpdb() or compact()
-	defined(my $pid = fork) or die "fork: $!";
+	my $seed = rand(0xffffffff);
+	my $pid = fork // die "fork: $!";
 	return $pid if $pid > 0;
+	srand($seed);
 	$cb->($args, $opt);
 	POSIX::_exit(0);
 }