jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Reseed the random number generator after fork().

Browse Source 
Web applications use random numbers for things like sessions, if
we don't reseed then each worker will generate the same sequence
of random numbers which can lead to security concerns.

Thanks to Jonas Borgström for the patch.
This commit is contained in:
Paul J. Davis 2010-08-19 19:01:16 -04:00
parent 5a4e16cf5b
commit abb4f2a765
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
THANKS
View File

@ -13,3 +13,5 @@ Chris Dent <chris.dent@gmail.com>
Matt Good <matt@matt-good.net> Matt Good <matt@matt-good.net>
Randall Leeds <randall.leeds@gmail.com> Randall Leeds <randall.leeds@gmail.com>
thomasst <http://github.com/thomasst> thomasst <http://github.com/thomasst>
Jonas Borgström <http://github.com/jborg>

4
gunicorn/workers/base.py
View File

@ -6,6 +6,7 @@
import logging import logging
import os import os
import random
import signal import signal
import sys import sys
import tempfile import tempfile
@ -82,6 +83,9 @@ class Worker(object):
""" """
util.set_owner_process(self.cfg.uid, self.cfg.gid) util.set_owner_process(self.cfg.uid, self.cfg.gid)
# Reseed the random number generator
random.seed()
# For waking ourselves up # For waking ourselves up
self.PIPE = os.pipe() self.PIPE = os.pipe()
map(util.set_non_blocking, self.PIPE) map(util.set_non_blocking, self.PIPE)