Reset OpenSSL randomness state in each postmaster child process.
Previously, if the postmaster initialized OpenSSL's PRNG (which it will do
when ssl=on in postgresql.conf), the same pseudo-random state would be
inherited by each forked child process. The problem is masked to a
considerable extent if the incoming connection uses SSL encryption, but
when it does not, identical pseudo-random state is made available to
functions like contrib/pgcrypto. The process's PID does get mixed into any
requested random output, but on most systems that still only results in 32K
or so distinct random sequences available across all Postgres sessions.
This might allow an attacker who has database access to guess the results
of "secure" operations happening in another session.
To fix, forcibly reset the PRNG after fork(). Each child process that has
need for random numbers from OpenSSL's generator will thereby be forced to
go through OpenSSL's normal initialization sequence, which should provide
much greater variability of the sequences. There are other ways we might
do this that would be slightly cheaper, but this approach seems the most
future-proof against SSL-related code changes.
This has been assigned CVE-2013-1900, but since the issue and the patch
have already been publicized on pgsql-hackers, there's no point in trying
to hide this commit.
Back-patch to all supported branches.
src/backend/postmaster/fork_process.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
pgsql-committers by date
|Next:||From: Michael Paquier||Date: 2013-03-28 01:00:43|
|Subject: Re: [COMMITTERS] pgsql: Allow external recovery_config_directory|
|Previous:||From: Simon Riggs||Date: 2013-03-27 21:37:51|
|Subject: Re: pgsql: Fix pasto which broke docs build.|