This should have gone to security@postgresql.org, instead.

On Fri, Dec 21, 2012 at 06:05:10PM +0200, Marko Kreen wrote:
> When there is 'ssl=on' then postmaster calls SSL_CTX_new(),
> which asks for random number, thus requiring initialization
> of randomness pool (RAND_poll). After that all forked backends
> think pool is already initialized. Thus they proceed with same
> fixed state they got from postmaster.
> Attached patch makes both gen_random_bytes() and pgp_encrypt()
> seed pool with output from gettimeofday(), thus getting pool
> off from fixed state. Basically, this mirrors what SSL_accept()
> already does.

That adds only 10-20 bits of entropy. Is that enough?

How about instead calling RAND_cleanup() after each backend fork?

Thanks,
nm
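
The fork behaviour described in the quoted report, as an added example that is not code from this thread, PostgreSQL or OpenSSL: a toy pool seeded in the parent gives two forked children identical output unless the pool is reseeded in the child. All names here (`pool_seed`, `pool_next`, `backend_first_value`, `siblings_collide`) are hypothetical, the LCG stands in for a real generator, and the fix shown reseeds from `/dev/urandom` when the PID changes rather than calling `RAND_cleanup()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy user-space pool standing in for a library PRNG (not OpenSSL code). */
static uint64_t pool_state;
static pid_t pool_owner;               /* 0 means "not seeded yet" */

static void pool_seed(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&pool_state, sizeof pool_state, 1, f) != 1)
        _exit(2);                      /* fail closed, never run unseeded */
    fclose(f);
    pool_owner = getpid();
}

/* LCG step, illustrative only; fork_aware reseeds when the PID has changed. */
static uint64_t pool_next(int fork_aware) {
    if (pool_owner == 0 || (fork_aware && pool_owner != getpid())) pool_seed();
    pool_state = pool_state * 6364136223846793005ULL + 1442695040888963407ULL;
    return pool_state;
}

/* Fork one "backend" and return the first value it draws from the pool. */
static uint64_t backend_first_value(int fork_aware) {
    int p[2];
    uint64_t v = 0;
    if (pipe(p) != 0) return 0;
    pid_t pid = fork();
    if (pid == 0) {                    /* child: draw once, report, exit */
        v = pool_next(fork_aware);
        _exit(write(p[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(p[1]);
    if (read(p[0], &v, sizeof v) != (ssize_t)sizeof v) v = 0;
    close(p[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return v;
}

/* 1 if two sibling backends drew the same value, 0 otherwise. */
int siblings_collide(int fork_aware) {
    (void)pool_next(0);                /* parent seeds the pool before forking */
    return backend_first_value(fork_aware) == backend_first_value(fork_aware);
}

int main(void) {
    printf("%d %d\n", siblings_collide(0), siblings_collide(1)); /* 1 0 */
}
```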