| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Support getrandom() for pg_strong_random() source |
| Date: | 2025-08-18 23:43:46 |
| Message-ID: | CAOYmi+=D7mPU_R8byM=TMTg533Uzz-ohNCiehfJG+CQZEj_bAA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 18, 2025 at 4:17 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Mon, Aug 18, 2025 at 08:38:25AM -0700, Jacob Champion wrote:
> > - Need for safety in virtualized environments
> > - ...?
>
> Interesting. What do you mean by this point? Isolation of the
> random computations on a VM/container basis even if these are
> originally from the same host?
One motivating example is "I paused my VM and cloned it and now both
application instances are giving me the same random numbers." (I
haven't looked into OpenSSL enough to know if it has developed some
magic way around this, for the record.) NetBSD talks about this a bit
at [1].
I'd imagine that there are other nice things about moving it down into
the kernel, like core dumps becoming ever so slightly less dangerous?
But that's pretty out there.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andy Fan | 2025-08-18 23:55:10 | Re: Proposal: Extending the PostgreSQL Protocol with Command Metadata |
| Previous Message | Michael Paquier | 2025-08-18 23:34:11 | Re: Compilation issues for HASH_STATISTICS and HASH_DEBUG options |