diff options
author | Eric Wong <e@80x24.org> | 2021-10-01 09:54:40 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2021-10-01 12:06:30 +0000 |
commit | 5824d0d4ffac120a2840c980b4570868d6b3ea6b (patch) | |
tree | 9df7601b403fc545ee6c0484210690b5b2f58436 /lib/PublicInbox | |
parent | 361a5b0d5aa7f96117725bd8bb2bc0a168963148 (diff) | |
download | public-inbox-5824d0d4ffac120a2840c980b4570868d6b3ea6b.tar.gz |
Currently we don't use OpenSSL from child processes of parents which use OpenSSL, but we may in the future. So ensure OpenSSL initializes its PRNG after these forks to avoid one security pitfall down the line.
Diffstat (limited to 'lib/PublicInbox')
-rw-r--r-- | lib/PublicInbox/IPC.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/PublicInbox/IPC.pm b/lib/PublicInbox/IPC.pm index 3e29def8..205b5b92 100644 --- a/lib/PublicInbox/IPC.pm +++ b/lib/PublicInbox/IPC.pm @@ -103,6 +103,7 @@ sub ipc_worker_spawn { my $pid = fork // die "fork: $!"; if ($pid == 0) { srand($seed); + eval { Net::SSLeay::randomize() }; eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_s2 -wq_workers -wq_ppid)}; $w_req = $r_res = undef; @@ -346,6 +347,7 @@ sub _wq_worker_start ($$$$) { my $pid = fork // die "fork: $!"; if ($pid == 0) { srand($seed); + eval { Net::SSLeay::randomize() }; undef $bcast1; eval { PublicInbox::DS->Reset }; delete @$self{qw(-wq_s1 -wq_ppid)}; |