Peter Geoghegan <pg@bowt.ie> writes:
> On Wed, Dec 26, 2018 at 6:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Now, we could probably fix that with some less intrusive patch than
>> #define'ing random() --- in particular, if we give drandom and setseed
>> their own private PRNG state, we've really fixed the security exposure
>> without need to change anything else anywhere. So maybe we should
>> just do that and be happy.
> +1. I don't like the idea of #define'ing random() myself.
> We're already making fairly broad assumptions about our having control
> of the backend's PRNG state within InitProcessGlobals(). How should
> this affect the new drandom()/setseed() private state, if at all?
I would think that InitProcessGlobals would initialize drandom's
seed alongside random()'s seed. Hopefully to values not easily
predictable from each other -- see also Munro's comment, which
I'll respond to in a moment.
regards, tom lane