Am 24.10.2013 13:36, schrieb Victor Stinner: > IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes() > function of OpenSSL can detect a fork using getpid() and add more > entropy (in the child or maybe in the parent process). OpenSSL has > access to entropy sources and knows all mutexes, whereas Python can > only guess the list of mutexes (there are probably many more private > mutexes). OpenSSL may use pthread_atfork() internally. That's not going to happen anytime soon (if ever). It doesn't solve old installation, too. You are forgetting that ssl.RAND_bytes() and RAND_pseudo_bytes() are our least concern. The problem also affects the TLS/SSL handshake and any internal OpenSSL code that needs a CPRNG. > Reminder: you are supposed to only call exec() after fork(), nothing > else :-) (Only signal-safe functions are officially supported between > exec() and fork()). How are forking web servers suppose to work if you can't use read() or write()? :)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4