NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4203842

committed

Use pg_strong_random() to select each server process's random seed.

Previously we just set the seed based on process ID and start timestamp.Both those values are directly available within the session, and canbe found out or guessed by other users too, making the session's seriesof random(3) values fairly predictable. Up to now, our backend-internaluses of random(3) haven't seemed security-critical, but commit88bdbd3added one that potentially is: when using log_statement_sample_rate, auser might be able to predict which of his SQL statements will get logged.To improve this situation, upgrade the per-process seed initializationmethod to use pg_strong_random() if available, greatly reducing thepredictability of the initial seed value. This adds a few tens ofmicroseconds to process start time, but since backend startup time isat least a couple of milliseconds, that seems an acceptable price.This means that pg_strong_random() needs to be able to run withoutreliance on any backend infrastructure, since it will be invokedbefore any of that is up. It was safe for that already, but adjustcomments and #include commands to make it clearer.Discussion:https://postgr.es/m/3859.1545849900@sss.pgh.pa.us

1 parent6645ad6 commit4203842Copy full SHA for 4203842

File tree

2 files changed

+31

-14

lines changed

src
- backend/postmaster
  - postmaster.c
- port
  - pg_strong_random.c

2 files changed

+31

-14

lines changed

`‎src/backend/postmaster/postmaster.c`

Lines changed: 25 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -2520,11 +2520,13 @@ ClosePostmasterPorts(bool am_syslogger)`
`2520`	`2520`	`/*`
`2521`	`2521`	`* InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds`
`2522`	`2522`	`*`
`2523`		`- * Called early in every backend.`
	`2523`	`+ * Called early inthe postmaster andevery backend.`
`2524`	`2524`	`*/`
`2525`	`2525`	`void`
`2526`	`2526`	`InitProcessGlobals(void)`
`2527`	`2527`	`{`
	`2528`	`+unsignedintrseed;`
	`2529`	`+`
`2528`	`2530`	`MyProcPid=getpid();`
`2529`	`2531`	`MyStartTimestamp=GetCurrentTimestamp();`
`2530`	`2532`	`MyStartTime=timestamptz_to_time_t(MyStartTimestamp);`
`@@ -2539,15 +2541,30 @@ InitProcessGlobals(void)`
`2539`	`2541`	`#endif`
`2540`	`2542`
`2541`	`2543`	`/*`
`2542`		`- * Set a different seed for random() in every backend. Since PIDs and`
`2543`		`- * timestamps tend to change more frequently in their least significant`
`2544`		`- * bits, shift the timestamp left to allow a larger total number of seeds`
`2545`		`- * in a given time period. Since that would leave only 20 bits of the`
`2546`		`- * timestamp that cycle every ~1 second, also mix in some higher bits.`
	`2544`	`+ * Set a different seed for random() in every process. We want something`
	`2545`	`+ * unpredictable, so if possible, use high-quality random bits for the`
	`2546`	`+ * seed. Otherwise, fall back to a seed based on timestamp and PID.`
	`2547`	`+ *`
	`2548`	`+ * Note we can't use pg_backend_random here, since this is used in the`
	`2549`	`+ * postmaster, and even in a backend we might not be attached to shared`
	`2550`	`+ * memory yet.`
`2547`	`2551`	`*/`
`2548`		`-srandom(((uint64)MyProcPid) ^`
	`2552`	`+#ifdefHAVE_STRONG_RANDOM`
	`2553`	`+if (!pg_strong_random(&rseed,sizeof(rseed)))`
	`2554`	`+#endif`
	`2555`	`+{`
	`2556`	`+/*`
	`2557`	`+ * Since PIDs and timestamps tend to change more frequently in their`
	`2558`	`+ * least significant bits, shift the timestamp left to allow a larger`
	`2559`	`+ * total number of seeds in a given time period. Since that would`
	`2560`	`+ * leave only 20 bits of the timestamp that cycle every ~1 second,`
	`2561`	`+ * also mix in some higher bits.`
	`2562`	`+ */`
	`2563`	`+rseed= ((uint64)MyProcPid) ^`
`2549`	`2564`	`((uint64)MyStartTimestamp <<12) ^`
`2550`		`-((uint64)MyStartTimestamp >>20));`
	`2565`	`+((uint64)MyStartTimestamp >>20);`
	`2566`	`+}`
	`2567`	`+srandom(rseed);`
`2551`	`2568`	`}`
`2552`	`2569`
`2553`	`2570`

`‎src/port/pg_strong_random.c`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,10 @@`
`6`	`6`	`* Our definition of "strong" is that it's suitable for generating random`
`7`	`7`	`* salts and query cancellation keys, during authentication.`
`8`	`8`	`*`
	`9`	`+ * Note: this code is run quite early in postmaster and backend startup;`
	`10`	`+ * therefore, even when built for backend, it cannot rely on backend`
	`11`	`+ * infrastructure such as elog() or palloc().`
	`12`	`+ *`
`9`	`13`	`* Copyright (c) 1996-2018, PostgreSQL Global Development Group`
`10`	`14`	`*`
`11`	`15`	`* IDENTIFICATION`
`@@ -14,11 +18,7 @@`
`14`	`18`	`*-------------------------------------------------------------------------`
`15`	`19`	`*/`
`16`	`20`
`17`		`-#ifndefFRONTEND`
`18`		`-#include"postgres.h"`
`19`		`-#else`
`20`		`-#include"postgres_fe.h"`
`21`		`-#endif`
	`21`	`+#include"c.h"`
`22`	`22`
`23`	`23`	`#include<fcntl.h>`
`24`	`24`	`#include<unistd.h>`
`@@ -44,7 +44,7 @@ static HCRYPTPROV hProvider = 0;`
`44`	`44`	`* Read (random) bytes from a file.`
`45`	`45`	`*/`
`46`	`46`	`staticbool`
`47`		`-random_from_file(charfilename,voidbuf,size_tlen)`
	`47`	`+random_from_file(constcharfilename,voidbuf,size_tlen)`
`48`	`48`	`{`
`49`	`49`	`intf;`
`50`	`50`	`char*p=buf;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4203842

File tree

2 files changed

2 files changed

`‎src/backend/postmaster/postmaster.c`

`‎src/port/pg_strong_random.c`

0 commit comments