I've seen this before - it might depend on loaded modules (e.g. a module might call srand in the parent). I've applied the patch anyway as it's sensible.
Except that the salt chosen is a constant value (vs time at least):
$ perl -le '$port = 23543; $iaddr = "\cL&\cV\cF"; for ($i=0; $i < 10; $i++) {
print ($$ ^ $port) ^ (time ^ unpack("C*", $iaddr)); sleep 1; }'
21661
21661
21661
21661
21661
21661
21661
21661
21661
21661whereas if you remove the first term, it changes (a little):
$ perl -le '$port = 23543; $iaddr = "\cL&\cV\cF"; for ($i=0; $i < 10; $i++) {
print (time ^ unpack("C*", $iaddr)); sleep 1; }'
1090066797
1090066798
1090066799
1090066792
1090066793
1090066794
1090066795
1090066788
1090066789
1090066790Even though we can be assured that no two processes will have the same $port and $iaddr at the one time, isn't it always preferrable to choose a salt with more entropy?
John
