[Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed

Christian Heimes christian at python.org
Thu Oct 24 14:22:38 CEST 2013


On 24.10.2013 13:36, Victor Stinner wrote:
> IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes()
> function of OpenSSL can detect a fork using getpid() and add more
> entropy (in the child or maybe in the parent process). OpenSSL has
> access to entropy sources and knows all mutexes, whereas Python can
> only guess the list of mutexes (there are probably many more private
> mutexes). OpenSSL may use pthread_atfork() internally.

That's not going to happen anytime soon (if ever). It doesn't solve old
installations, either.

You are forgetting that ssl.RAND_bytes() and RAND_pseudo_bytes() are our
least concern. The problem also affects the TLS/SSL handshake and any
internal OpenSSL code that needs a CPRNG.


> Reminder: you are supposed to only call exec() after fork(), nothing
> else :-) (Only signal-safe functions are officially supported between
> exec() and fork()).

How are forking web servers supposed to work if you can't use read() or
write()? :)
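
A toy model of the issue discussed in this thread, added here as an example and not part of the original messages, OpenSSL, or CPython: fork() copies a user-space generator's state, so parent and child emit identical bytes unless the generator notices the pid change via getpid() and mixes in fresh entropy, as the quoted suggestion describes. `ToyPool` and `parent_and_child_output` are hypothetical names, the seed is constructed, and POSIX `os.fork()` is assumed.

```python
import hashlib
import os


class ToyPool:
    """Toy hash-chained generator standing in for a library's user-space pool."""

    def __init__(self, seed, fork_safe):
        self.state = hashlib.sha256(seed).digest()
        self.fork_safe = fork_safe
        self.pid = os.getpid()  # pid of the process that seeded the pool

    def random_bytes(self, n=16):
        if self.fork_safe and os.getpid() != self.pid:
            # Fork detected: this state is a copy of the parent's.
            # Mix in kernel entropy and the new pid before producing output.
            self.pid = os.getpid()
            self.state = hashlib.sha256(
                self.state + os.urandom(32) + str(self.pid).encode()
            ).digest()
        out = hashlib.sha256(b"out" + self.state).digest()[:n]
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def parent_and_child_output(pool):
    """Fork, draw 16 bytes in each process, return (parent_bytes, child_bytes)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: report its output through the pipe, then exit hard
        try:
            os.close(r)
            os.write(w, pool.random_bytes())
        finally:
            os._exit(0)
    os.close(w)
    child = os.read(r, 16)
    os.close(r)
    os.waitpid(pid, 0)
    return pool.random_bytes(), child


if __name__ == "__main__":
    for safe in (False, True):
        p, c = parent_and_child_output(ToyPool(b"constructed seed", safe))
        print("fork_safe=%s parent=%s child=%s same=%s"
              % (safe, p.hex(), c.hex(), p == c))
```

The check only runs when the application calls `random_bytes()` on the pool; it does nothing for state held by other code in the same process.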


