-rw-r--r--src/backend/postmaster/postmaster.c17
-rw-r--r--src/backend/storage/ipc/dsm.c3
-rw-r--r--src/include/postmaster/postmaster.h1
3 files changed, 17 insertions, 4 deletions
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 949e7e07402..f16a63aadee 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -399,6 +399,7 @@ static void processCancelRequest(Port *port, void *pkt);
static int initMasks(fd_set *rmask);
static void report_fork_failure_to_client(Port *port, int errnum);
static CAC_state canAcceptConnections(void);
+static long PostmasterRandom(void);
static void RandomSalt(char *md5Salt);
static void signal_child(pid_t pid, int signal);
static bool SignalSomeChildren(int signal, int targets);
@@ -569,6 +570,16 @@ PostmasterMain(int argc, char *argv[])
umask(S_IRWXG | S_IRWXO);
/*
+ * Initialize random(3) so we don't get the same values in every run.
+ *
+ * Note: the seed is pretty predictable from externally-visible facts such
+ * as postmaster start time, so avoid using random() for security-critical
+ * random values during postmaster startup. At the time of first
+ * connection, PostmasterRandom will select a hopefully-more-random seed.
+ */
+ srandom((unsigned int) (MyProcPid ^ MyStartTime));
+
+ /*
* By default, palloc() requests in the postmaster will be allocated in
* the PostmasterContext, which is space that can be recycled by backends.
* Allocated data that needs to be available to backends should be
@@ -5075,8 +5086,12 @@ RandomSalt(char *md5Salt)
/*
* PostmasterRandom
+ *
+ * Caution: use this only for values needed during connection-request
+ * processing. Otherwise, the intended property of having an unpredictable
+ * delay between random_start_time and random_stop_time will be broken.
*/
-long
+static long
PostmasterRandom(void)
{
/*
diff --git a/src/backend/storage/ipc/dsm.c b/src/backend/storage/ipc/dsm.c
index 70422972095..b82ae05e155 100644
--- a/src/backend/storage/ipc/dsm.c
+++ b/src/backend/storage/ipc/dsm.c
@@ -36,7 +36,6 @@
#include "lib/ilist.h"
#include "miscadmin.h"
-#include "postmaster/postmaster.h"
#include "storage/dsm.h"
#include "storage/ipc.h"
#include "storage/lwlock.h"
@@ -180,7 +179,7 @@ dsm_postmaster_startup(PGShmemHeader *shim)
{
Assert(dsm_control_address == NULL);
Assert(dsm_control_mapped_size == 0);
- dsm_control_handle = (dsm_handle) PostmasterRandom();
+ dsm_control_handle = random();
if (dsm_control_handle == 0)
continue;
if (dsm_impl_op(DSM_OP_CREATE, dsm_control_handle, segsize,
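Review bot: The new `dsm_control_handle = random();` line draws from a generator that this same commit seeds with `MyProcPid ^ MyStartTime`, which the postmaster.c comment itself describes as predictable, and nothing at the call site records why that is acceptable here. If the control handle only has to avoid colliding with existing segments rather than be unguessable (that looks like the intent, but the hunk does not show it), a comment such as `/* handle need not be unpredictable, only unlikely to collide; seeded by srandom() in PostmasterMain */` would keep a later reader from treating it as a secret. The explicit `(dsm_handle)` cast was also dropped, so if dsm_handle is narrower than long the result of random() is now truncated implicitly; `dsm_control_handle = (dsm_handle) random();` keeps the narrowing deliberate. The enclosing loop and the rest of dsm_postmaster_startup lie outside the hunk.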
diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h
index 69518303385..d16030482fa 100644
--- a/src/include/postmaster/postmaster.h
+++ b/src/include/postmaster/postmaster.h
@@ -48,7 +48,6 @@ extern const char *progname;
extern void PostmasterMain(int argc, char *argv[]) pg_attribute_noreturn();
extern void ClosePostmasterPorts(bool am_syslogger);
-extern long PostmasterRandom(void);
extern int MaxLivePostmasterChildren(void);