NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit49a91b8

committed

Avoid using PostmasterRandom() for DSM control segment ID.

Commits470d886 et al intended to fix the problem that the postmasterselected the same "random" DSM control segment ID on every start. Butusing PostmasterRandom() for that destroys the intended property that thedelay between random_start_time and random_stop_time will be unpredictable.(Said delay is probably already more predictable than we could wish, butthat doesn't mean that reducing it by a couple orders of magnitude is OK.)Revert the previous patch and add a comment warning against misuse ofPostmasterRandom. Fix the original problem by calling srandom() early inPostmasterMain, using a low-security seed that will later be overwrittenby PostmasterRandom.Discussion: <20789.1474390434@sss.pgh.pa.us>

1 parent6fa51c7 commit49a91b8Copy full SHA for 49a91b8

File tree

3 files changed

+17

-4

lines changed

src
- backend
  - postmaster
    - postmaster.c
  - storage/ipc
    - dsm.c
- include/postmaster
  - postmaster.h

3 files changed

+17

-4

lines changed

`‎src/backend/postmaster/postmaster.c`

Lines changed: 16 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -403,6 +403,7 @@ static void processCancelRequest(Port port, void pkt);`
`403`	`403`	`staticintinitMasks(fd_set*rmask);`
`404`	`404`	`staticvoidreport_fork_failure_to_client(Port*port,interrnum);`
`405`	`405`	`staticCAC_statecanAcceptConnections(void);`
	`406`	`+staticlongPostmasterRandom(void);`
`406`	`407`	`staticvoidRandomSalt(char*salt,intlen);`
`407`	`408`	`staticvoidsignal_child(pid_tpid,intsignal);`
`408`	`409`	`staticboolSignalSomeChildren(intsignal,inttargets);`
`@@ -574,6 +575,16 @@ PostmasterMain(int argc, char *argv[])`
`574`	`575`	`*/`
`575`	`576`	`umask(S_IRWXG \|S_IRWXO);`
`576`	`577`
	`578`	`+/*`
	`579`	`+ * Initialize random(3) so we don't get the same values in every run.`
	`580`	`+ *`
	`581`	`+ * Note: the seed is pretty predictable from externally-visible facts such`
	`582`	`+ * as postmaster start time, so avoid using random() for security-critical`
	`583`	`+ * random values during postmaster startup. At the time of first`
	`584`	`+ * connection, PostmasterRandom will select a hopefully-more-random seed.`
	`585`	`+ */`
	`586`	`+srandom((unsignedint) (MyProcPid ^MyStartTime));`
	`587`	`+`
`577`	`588`	`/*`
`578`	`589`	`* By default, palloc() requests in the postmaster will be allocated in`
`579`	`590`	`* the PostmasterContext, which is space that can be recycled by backends.`
`@@ -5099,8 +5110,12 @@ RandomSalt(char *salt, int len)`
`5099`	`5110`
`5100`	`5111`	`/*`
`5101`	`5112`	`* PostmasterRandom`
	`5113`	`+ *`
	`5114`	`+ * Caution: use this only for values needed during connection-request`
	`5115`	`+ * processing. Otherwise, the intended property of having an unpredictable`
	`5116`	`+ * delay between random_start_time and random_stop_time will be broken.`
`5102`	`5117`	`*/`
`5103`		`-long`
	`5118`	`+staticlong`
`5104`	`5119`	`PostmasterRandom(void)`
`5105`	`5120`	`{`
`5106`	`5121`	`/*`

`‎src/backend/storage/ipc/dsm.c`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@`
`36`	`36`
`37`	`37`	`#include"lib/ilist.h"`
`38`	`38`	`#include"miscadmin.h"`
`39`		`-#include"postmaster/postmaster.h"`
`40`	`39`	`#include"storage/dsm.h"`
`41`	`40`	`#include"storage/ipc.h"`
`42`	`41`	`#include"storage/lwlock.h"`
`@@ -182,7 +181,7 @@ dsm_postmaster_startup(PGShmemHeader *shim)`
`182`	`181`	`{`
`183`	`182`	`Assert(dsm_control_address==NULL);`
`184`	`183`	`Assert(dsm_control_mapped_size==0);`
`185`		`-dsm_control_handle=(dsm_handle)PostmasterRandom();`
	`184`	`+dsm_control_handle=random();`
`186`	`185`	`if (dsm_control_handle==0)`
`187`	`186`	`continue;`
`188`	`187`	`if (dsm_impl_op(DSM_OP_CREATE,dsm_control_handle,segsize,`

`‎src/include/postmaster/postmaster.h`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,6 @@ extern const char *progname;`
`48`	`48`
`49`	`49`	`externvoidPostmasterMain(intargc,char*argv[])pg_attribute_noreturn();`
`50`	`50`	`externvoidClosePostmasterPorts(boolam_syslogger);`
`51`		`-externlongPostmasterRandom(void);`
`52`	`51`
`53`	`52`	`externintMaxLivePostmasterChildren(void);`
`54`	`53`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit49a91b8

File tree

3 files changed

3 files changed

`‎src/backend/postmaster/postmaster.c`

`‎src/backend/storage/ipc/dsm.c`

`‎src/include/postmaster/postmaster.h`

0 commit comments