[Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed (original) (raw)

Victor Stinner victor.stinner at gmail.com
Thu Oct 24 13:36:23 CEST 2013

• Previous message: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
• Next message: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2013/10/24 Christian Heimes <christian at python.org>:

There seems to be a problem with the security fix "Re-seed OpenSSL's PRNG after fork":

http://bugs.python.org/issue18747 http://bugs.python.org/issue19227

Yes, Charles Francois warned us that adding a pthread_atfork() hook to add entropy may add a deadlock. Such change should not be added to stable releases, even if it is supposed to improve the security.

Perhaps it's best to disable the pthreadatfork() handler for the upcoming releases and replace it with security note in the ssl module, os.fork() and release notes.

IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes() function of OpenSSL can detect a fork using getpid() and add more entropy (in the child or maybe in the parent process). OpenSSL has access to entropy sources and knows all mutexes, whereas Python can only guess the list of mutexes (there are probably many more private mutexes). OpenSSL may use pthread_atfork() internally.

http://www.openwall.com/lists/oss-security/2013/04/12/3 "I believe it is wrong to fix this in PostgreSQL. Rather, this is a bug in the OpenSSL fork protection code. It should either install a fork hook, or reseed the PRNG from /dev/urandom if a PID change is detected."

I wrote a patch for OpenSSL long time ago (when working on my Hasard project, PRNG library), but I don't remember if I proposed it upstream: https://bitbucket.org/haypo/hasard/src/tip/patches/openssl_rand_fork.patch

If you are using fork() and the ssl module in the same application then you must re-seed the PRNG with ssl.RANDadd() every now and then.

You should explain that the issue only occurs if you fork more than 2^16 times and two child processes get the same pid. I wouldn't say that it is unlikely, but just that there is no reason to scare users if they are not vulnerable.

The issue can occur if a process spawn a lot of processes.

Reminder: you are supposed to only call exec() after fork(), nothing else :-) (Only signal-safe functions are officially supported between exec() and fork()).

Victor

• Previous message: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
• Next message: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list