On 01/16/2014 05:03 PM, David Jacobson wrote:
> If you want to make sure they diverge, and make sure that multiple forks diverge differently, you should push in the process ID. Pushing in time helps with (but does not perfectly cure) the virtual machine copying problem. So I suggest pushing in the PID concatenated with some sort of time.

The PID is already mixed in. It turned out this was not sufficient because PIDs are reused (see e.g. CVE-2013-1900). My initial idea was to reseed the pool if a PID change was detected, but reseeding with a high-resolution timer appears preferable. It also sidesteps the LinuxThreads issue.

-- 
Florian Weimer / Red Hat Product Security Team
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
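
The PID-reuse failure discussed in this message, as an added example that is not part of the original thread and is not OpenSSL's code: a simulation of two children forked from the same unchanged parent pool, first with only the PID mixed in, then with a high-resolution timestamp mixed in as well. The mixer is a toy stand-in for the pool's hash, and all function names, PIDs, pool contents and timestamps are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Toy 64-bit mixer (splitmix64 finalizer): a stand-in for the pool's hash. */
static uint64_t mix(uint64_t state, uint64_t input) {
    uint64_t z = state ^ (input + 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Timestamp a reseed would sample when output is requested (C11 timespec_get). */
uint64_t now_ns(void) {
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* First output of a process that inherited `pool` across fork().
 * ts_ns == 0 is this example's marker for the PID-only scheme. */
uint64_t first_output(uint64_t pool, uint32_t pid, uint64_t ts_ns) {
    pool = mix(pool, pid);
    if (ts_ns != 0)
        pool = mix(pool, ts_ns);
    return mix(pool, 1);
}

/* 1 if two children of the same unchanged parent pool emit the same value. */
int outputs_collide(uint32_t pid_a, uint64_t ts_a,
                    uint32_t pid_b, uint64_t ts_b) {
    const uint64_t parent_pool = 0x0123456789abcdefULL; /* constructed state */
    return first_output(parent_pool, pid_a, ts_a) ==
           first_output(parent_pool, pid_b, ts_b);
}

int main(void) {
    /* Child A exits; a later child B is handed the recycled PID 4001. */
    uint64_t t_a = now_ns();
    uint64_t t_b = t_a + 457767; /* constructed gap between the two forks */
    printf("distinct PIDs, PID only : collide=%d\n",
           outputs_collide(4001, 0, 4002, 0));
    printf("recycled PID, PID only  : collide=%d\n",
           outputs_collide(4001, 0, 4001, 0));
    printf("recycled PID, PID + time: collide=%d\n",
           outputs_collide(4001, t_a, 4001, t_b));
    return 0;
}
```

The simulation passes timestamps in as parameters so the outcome is deterministic; in a real process the value would come from the timer at the moment output is requested.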