[Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed
Christian Heimes christian at python.org
Thu Oct 24 14:22:38 CEST 2013
On 24.10.2013 13:36, Victor Stinner wrote:
> IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes() function of OpenSSL can detect a fork using getpid() and add more entropy (in the child or maybe in the parent process). OpenSSL has access to entropy sources and knows all mutexes, whereas Python can only guess the list of mutexes (there are probably many more private mutexes). OpenSSL may use pthread_atfork() internally.
That's not going to happen anytime soon (if ever). It doesn't solve old installations, either.
You are forgetting that ssl.RAND_bytes() and RAND_pseudo_bytes() are our least concern. The problem also affects the TLS/SSL handshake and any internal OpenSSL code that needs a CPRNG.
> Reminder: you are supposed to only call exec() after fork(), nothing else :-) (Only signal-safe functions are officially supported between exec() and fork()).
How are forking web servers supposed to work if you can't use read() or write()? :)
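An added example, not part of the original message and not OpenSSL or CPython code: a toy hash-chain generator showing the inherited-state problem under discussion and the getpid()-based fork check described in the quoted text. The class `ForkAwarePool`, the function `parent_and_child_output` and the seed are hypothetical names and values constructed for illustration.

```python
import hashlib
import os


class ForkAwarePool:
    """Toy user-space generator (a hash chain), standing in for a library PRNG."""

    def __init__(self, seed, fork_check):
        self._state = hashlib.sha256(seed).digest()
        self._pid = os.getpid()          # PID that owns the current state
        self._fork_check = fork_check

    def _reseed_if_forked(self):
        pid = os.getpid()
        if pid != self._pid:
            # State was copied from the parent: mix in fresh kernel entropy.
            self._state = hashlib.sha256(self._state + os.urandom(32)).digest()
            self._pid = pid

    def random_bytes(self, n):
        if self._fork_check:
            self._reseed_if_forked()
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(b"next" + self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]


def parent_and_child_output(fork_check):
    """Fork once; return (parent_bytes, child_bytes) drawn after the fork."""
    pool = ForkAwarePool(b"constructed seed", fork_check)
    pool.random_bytes(16)                # pool is already in use before fork()
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                         # child: report its bytes, exit at once
        os.close(r)
        os.write(w, pool.random_bytes(16))
        os._exit(0)
    os.close(w)
    parent = pool.random_bytes(16)
    with os.fdopen(r, "rb") as f:
        child = f.read()
    os.waitpid(pid, 0)
    return parent, child
```

Only the child reseeds here, and a PID comparison cannot see a fork whose descendant happens to reuse an earlier PID.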