From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 03D6F1FB06 for ; Fri, 1 Oct 2021 09:54:46 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 4/9] ipc: run Net::SSLeay::randomize Date: Fri, 1 Oct 2021 09:54:40 +0000 Message-Id: <20211001095445.9326-5-e@80x24.org> In-Reply-To: <20211001095445.9326-1-e@80x24.org> References: <20211001095445.9326-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Currently we don't use OpenSSL from child processes of parents which use OpenSSL, but we may in the future. So ensure OpenSSL initializes its PRNG after these forks to avoid one security pitfall down the line. --- lib/PublicInbox/IPC.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm index 3e29def87bf5..205b5b92cf71 100644 --- a/lib/PublicInbox/IPC.pm +++ b/lib/PublicInbox/IPC.pm @@ -103,6 +103,7 @@ sub ipc_worker_spawn { my $pid = fork // die "fork: $!"; if ($pid == 0) { srand($seed); + eval { Net::SSLeay::randomize() }; eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)}; $w_req = $r_res = undef; @@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) { my $pid = fork // die "fork: $!"; if ($pid == 0) { srand($seed); + eval { Net::SSLeay::randomize() }; undef $bcast1; eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_ppid)};
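Review bot: In ipc_worker_spawn, the added `eval { Net::SSLeay::randomize() };` discards `$@`, so a child in which the reseed failed looks the same as one in which it worked, and it carries on with whatever OpenSSL PRNG state it inherited across the fork. If the eval is only there to tolerate Net::SSLeay not being loaded in this process, test for that explicitly, for example `Net::SSLeay::randomize() if defined(&Net::SSLeay::randomize);`, so that a real failure is not swallowed. A short comment saying the call reseeds OpenSSL's PRNG after fork would also help, since nothing else in this block refers to OpenSSL.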
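Review bot: The pair `srand($seed);` and `eval { Net::SSLeay::randomize() };` in _wq_worker_start is now a verbatim repeat of the same two lines in ipc_worker_spawn. Since the commit message frames this as protection against a future pitfall, consider moving both reseeds into one post-fork helper called from each `$pid == 0` branch, so that a fork site added later cannot pick up one reseed and miss the other.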