user/dev discussion of public-inbox itself
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 4/9] ipc: run Net::SSLeay::randomize
Date: Fri,  1 Oct 2021 09:54:40 +0000
Message-ID: <20211001095445.9326-5-e@80x24.org>
In-Reply-To: <20211001095445.9326-1-e@80x24.org>

Currently we don't use OpenSSL from child processes of parents
which use OpenSSL, but we may in the future.  So ensure OpenSSL
initializes its PRNG after these forks to avoid one security
pitfall down the line.
---
 lib/PublicInbox/IPC.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index 3e29def87bf5..205b5b92cf71 100644
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -103,6 +103,7 @@ sub ipc_worker_spawn {
 	my $pid = fork // die "fork: $!";
 	if ($pid == 0) {
 		srand($seed);
+		eval { Net::SSLeay::randomize() };
 		eval { PublicInbox::DS->Reset };
 		delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)};
 		$w_req = $r_res = undef;
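Review bot: In ipc_worker_spawn, `eval { Net::SSLeay::randomize() };` discards `$@`, so a child in which the reseed genuinely failed is indistinguishable from one where Net::SSLeay was simply never loaded. Consider guarding on the sub being defined instead, for example `Net::SSLeay::randomize() if defined(&Net::SSLeay::randomize);`, so that a real failure propagates or is at least warned about. A one-line comment stating that the call exists so OpenSSL initializes its PRNG after fork, as the commit message explains, would also help the next reader, since nothing in the surrounding lines hints at why a TLS module is touched here.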
@@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) {
 	my $pid = fork // die "fork: $!";
 	if ($pid == 0) {
 		srand($seed);
+		eval { Net::SSLeay::randomize() };
 		undef $bcast1;
 		eval { PublicInbox::DS->Reset };
 		delete @$self{qw(-wq_s1 -wq_ppid)};
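Review bot: The `$pid == 0` branch of _wq_worker_start now hand-copies the same `srand($seed)`, `Net::SSLeay::randomize()`, `PublicInbox::DS->Reset` sequence that ipc_worker_spawn has. Since the stated goal is to avoid a pitfall in code that does not exist yet, a single shared post-fork helper called at the top of every child branch would keep a future fork site from omitting the reseed. The diffstat also shows only IPC.pm changing, so there is no test asserting that the call runs in the child; even a minimal one would protect this line from being dropped in a later cleanup.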
