Backport #4377

closed

popen("-") does not reinitialize the random number generator

Added by kosaki (Motohiro KOSAKI) about 13 years ago. Updated almost 13 years ago.

Status:
Closed
[ruby-dev:43178]

Description

=begin
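I was chatting with akr yesterday and this suddenly came to mind, so I am filing a ticket for the record.
Currently, as a countermeasure for CVE-2003-0900, Ruby's specified behavior is to reinitialize the random seed on fork (so the parent and child
generate different random numbers).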

% ruby-192 -ve ' pid=fork(); if pid.nil? then puts rand(); exit end; puts rand()'
ruby 1.9.2p174 (2011-01-28 revision 30696) [x86_64-linux]
0.908191694240406
0.08498496553239665

However, popen("-"), a relative of fork, is missing this step, so carelessly calling popen in server-type software
is dangerous.

% ruby-192 -ve ' io = IO.popen("-"); if io.nil? then puts rand(); exit end; puts io.gets(); puts rand()'
ruby 1.9.2p174 (2011-01-28 revision 30696) [x86_64-linux]
0.3744795359283313
0.3744795359283313

This gets fixed along the way by r30364, which was committed to address [Bug #4121][ruby-dev:42686].
=end
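
A regression check for the behavior reported above, added here as an example (it is not code from the ticket or from Ruby's source): it compares the first draw in a child created by fork or IO.popen("-") with the parent's next draw. The helper names, the APP_RNG constant and its seed are assumptions made for illustration; the third case goes beyond the ticket and shows that an explicitly seeded Random object held by the application is still copied into the child unchanged. It needs a platform with fork(2).

```ruby
# Run `draw` in a child created by `how` (:fork or :popen) and return the
# line the child printed.
def draw_in_child(how, &draw)
  if how == :popen
    io = IO.popen("-")          # nil in the child, a pipe to the child in the parent
    if io.nil?
      $stdout.puts draw.call    # the child's stdout is the pipe
      $stdout.flush
      exit!(0)                  # leave without running the parent's at_exit handlers
    end
  else
    io, wr = IO.pipe
    pid = fork do
      io.close
      wr.puts draw.call
      wr.close
      exit!(0)
    end
    wr.close
  end
  value = io.gets.to_s.chomp
  io.close                      # for popen this also reaps the child
  Process.wait(pid) if pid
  value
end

# True when the child's first draw equals the parent's next draw, i.e. the
# child inherited the generator state instead of being reseeded.
def shares_state?(how, &draw)
  child = draw_in_child(how, &draw)
  child == draw.call.to_s
end

# Constructed, explicitly seeded generator owned by the application (hypothetical).
APP_RNG = Random.new(4377)

def report
  {
    fork_default:  shares_state?(:fork)  { rand },          # false: reseeded on fork
    popen_default: shares_state?(:popen) { rand },          # false once r30364 is in
    popen_app_rng: shares_state?(:popen) { APP_RNG.rand },  # true: not covered by the reseed
  }
end

warn report.inspect if __FILE__ == $PROGRAM_NAME
```

On an interpreter with the defect described in this ticket, popen_default comes back true, matching the duplicated output shown above.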

Actions #1

Updated by shyouhei (Shyouhei Urabe) about 13 years ago

  • Status changed from Open to Assigned
Actions #2

Updated by yugui (Yuki Sonoda) almost 13 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r31850.
Motohiro, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


merges r30364 from trunk into ruby_1_9_2. Fixes #4377.

* io.c (pipe_open): Added rb_thread_atfork(). We must reinitialize
  GVL at new process creation.