* [PATCH 4/9] ipc: run Net::SSLeay::randomize
2021-10-01 9:54 5% [PATCH 0/9] daemon-related things Eric Wong
@ 2021-10-01 9:54 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2021-10-01 9:54 UTC (permalink / raw)
To: meta
Currently we don't use OpenSSL from child processes of parents
which use OpenSSL, but we may in the future. So ensure OpenSSL
initializes its PRNG after these forks to avoid one security
pitfall down the line.
---
lib/PublicInbox/IPC.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm
index 3e29def87bf5..205b5b92cf71 100644
--- a/lib/PublicInbox/IPC.pm
+++ b/lib/PublicInbox/IPC.pm
@@ -103,6 +103,7 @@ sub ipc_worker_spawn {
my $pid = fork // die "fork: $!";
if ($pid == 0) {
srand($seed);
+ eval { Net::SSLeay::randomize() };
eval { PublicInbox::DS->Reset };
delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)};
$w_req = $r_res = undef;
@@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) {
my $pid = fork // die "fork: $!";
if ($pid == 0) {
srand($seed);
+ eval { Net::SSLeay::randomize() };
undef $bcast1;
eval { PublicInbox::DS->Reset };
delete @$self{qw(-wq_s1 -wq_ppid)};
^ permalink raw reply related [relevance 7%]
* [PATCH 0/9] daemon-related things
@ 2021-10-01 9:54 5% Eric Wong
2021-10-01 9:54 7% ` [PATCH 4/9] ipc: run Net::SSLeay::randomize Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2021-10-01 9:54 UTC (permalink / raw)
To: meta
5/9 has been a long-time coming, a few other small things, too.
The diff stat for lib/ alone shows a nice reduction
Eric Wong (9):
doc: lei-security: some more updates
listener: switch to level-triggered epoll
daemon: make SO_ACCEPTFILTER a shared variable
ipc: run Net::SSLeay::randomize
ds: simplify signalfd use
inbox: inline and eliminate git_cleanup
inbox: keep DB handles if git processes are live
ds: inline set_cloexec
doc: lei-daemon: new manpage
Documentation/lei-daemon.pod | 61 ++++++++++++++++
Documentation/lei-security.pod | 5 +-
Documentation/lei.pod | 9 ++-
Documentation/lei_design_notes.txt | 2 +-
MANIFEST | 1 +
Makefile.PL | 2 +-
lib/PublicInbox/ConfigIter.pm | 2 +-
lib/PublicInbox/DS.pm | 110 ++++++++++++++---------------
lib/PublicInbox/DSKQXS.pm | 10 +--
lib/PublicInbox/Daemon.pm | 20 ++----
lib/PublicInbox/ExtMsg.pm | 2 +-
lib/PublicInbox/ExtSearchIdx.pm | 12 +---
lib/PublicInbox/Gcf2Client.pm | 4 +-
lib/PublicInbox/Git.pm | 4 +-
lib/PublicInbox/IPC.pm | 5 +-
lib/PublicInbox/Inbox.pm | 41 +++++------
lib/PublicInbox/LEI.pm | 17 +----
lib/PublicInbox/Listener.pm | 5 +-
lib/PublicInbox/Qspawn.pm | 2 +-
lib/PublicInbox/Sigfd.pm | 10 +--
lib/PublicInbox/Syscall.pm | 12 ++--
lib/PublicInbox/Watch.pm | 3 +-
script/public-inbox-watch | 9 ---
t/dir_idle.t | 6 +-
t/ds-leak.t | 4 +-
t/httpd-corner.t | 4 +-
t/httpd-https.t | 6 +-
t/httpd.t | 6 +-
t/imapd-tls.t | 7 +-
t/imapd.t | 6 +-
t/nntpd-tls.t | 7 +-
t/nntpd.t | 2 +-
t/sigfd.t | 7 +-
t/watch_maildir.t | 2 +-
xt/mem-imapd-tls.t | 6 +-
xt/net_writer-imap.t | 2 +-
36 files changed, 221 insertions(+), 192 deletions(-)
create mode 100644 Documentation/lei-daemon.pod
^ permalink raw reply [relevance 5%]
Results 1-2 of 2 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-10-01 9:54 5% [PATCH 0/9] daemon-related things Eric Wong
2021-10-01 9:54 7% ` [PATCH 4/9] ipc: run Net::SSLeay::randomize Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).