From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 469571F4B4 for ; Fri, 22 Jan 2021 20:01:19 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH] treewide: reseed RNG in child processes Date: Fri, 22 Jan 2021 20:01:19 +0000 Message-Id: <20210122200119.3654-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: This prevents name conflicts leading to retries and slowdowns in temporary file name generation. No actual data corruption resulted because all temporary files are opened with O_EXCL anyways. This may increase security for IMAP, NNTP, and HTTPS sessions using TLS, but it's all public data anyways. --- lib/PublicInbox/Daemon.pm | 3 +++ lib/PublicInbox/IPC.pm | 6 +++++- lib/PublicInbox/Watch.pm | 6 ++++++ lib/PublicInbox/Xapcmd.pm | 4 +++- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/Daemon.pm b/lib/PublicInbox/Daemon.pm index f5543c85..b5f97d81 100644 --- a/lib/PublicInbox/Daemon.pm +++ b/lib/PublicInbox/Daemon.pm @@ -533,10 +533,13 @@ EOF if ($n <= $want) { PublicInbox::DS::block_signals() if !$sigfd; for my $i ($n..$want) { + my $seed = rand(0xffffffff); my $pid = fork; if (!defined $pid) { warn "failed to fork worker[$i]: $!\n"; } elsif ($pid == 0) { + srand($seed); + eval { Net::SSLeay::randomize() }; $set_user->() if $set_user; return $p0; # run normal work code } else { diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm index dbb87e4e..6efaff38 100644 --- a/lib/PublicInbox/IPC.pm +++ b/lib/PublicInbox/IPC.pm @@ -105,8 +105,10 @@ sub ipc_worker_spawn { pipe(my ($r_res, $w_res)) or die "pipe: $!"; my $sigset = $oldset // PublicInbox::DS::block_signals(); $self->ipc_atfork_prepare; - defined(my $pid = fork) or die "fork: $!"; + my $seed = rand(0xffffffff); + my $pid = fork // die "fork: $!"; if ($pid == 0) { + srand($seed); eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_workers -wq_ppid)}; $w_req = $r_res = undef; @@ -286,8 +288,10 @@ sub wq_do { # always async sub _wq_worker_start ($$) { my ($self, $oldset) = @_; + my $seed = rand(0xffffffff); my $pid = fork // die "fork: $!"; if ($pid == 0) { + srand($seed); eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_workers -wq_ppid)}; $SIG{$_} = 'IGNORE' for (qw(PIPE TTOU TTIN)); diff --git a/lib/PublicInbox/Watch.pm b/lib/PublicInbox/Watch.pm index 9a729140..1de5018d 100644 --- a/lib/PublicInbox/Watch.pm +++ b/lib/PublicInbox/Watch.pm @@ -625,8 +625,11 @@ sub imap_idle_fork ($$) { my ($self, $url_intvl) = @_; my ($url, $intvl) = @$url_intvl; pipe(my ($r, $w)) or die "pipe: $!"; + my $seed = rand(0xffffffff); defined(my $pid = fork) or die "fork: $!"; if ($pid == 0) { + srand($seed); + eval { Net::SSLeay::randomize() }; close $r; watch_atfork_child($self); watch_imap_idle_1($self, $url, $intvl); @@ -704,8 +707,11 @@ sub poll_fetch_fork ($) { # DS::add_timer callback return if $self->{quit}; pipe(my ($r, $w)) or die "pipe: $!"; my $oldset = watch_atfork_parent($self); + my $seed = rand(0xffffffff); my $pid = fork; if (defined($pid) && $pid == 0) { + srand($seed); + eval { Net::SSLeay::randomize() }; close $r; watch_atfork_child($self); if ($urls->[0] =~ m!\Aimaps?://!i) { diff --git a/lib/PublicInbox/Xapcmd.pm b/lib/PublicInbox/Xapcmd.pm index 8de516ef..269aa99a 100644 --- a/lib/PublicInbox/Xapcmd.pm +++ b/lib/PublicInbox/Xapcmd.pm @@ -89,8 +89,10 @@ sub commit_changes ($$$$) { sub cb_spawn { my ($cb, $args, $opt) = @_; # $cb = cpdb() or compact() - defined(my $pid = fork) or die "fork: $!"; + my $seed = rand(0xffffffff); + my $pid = fork // die "fork: $!"; return $pid if $pid > 0; + srand($seed); $cb->($args, $opt); POSIX::_exit(0); }