Re: random() (was Re: New GUC to sample log queries)
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Thomas Munro <thomas.munro@enterprisedb.com>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Peter Geoghegan <pg@bowt.ie>,
Michael Paquier <michael@paquier.xyz>,
Alvaro Herrera <alvherre@2ndquadrant.com>,
Adrien Nayrat <adrien.nayrat@anayrat.info>,
Dmitry Dolgov <9erthalion6@gmail.com>,
Tomas Vondra <tomas.vondra@2ndquadrant.com>,
Vik Fearing <vik.fearing@2ndquadrant.com>,
Robert Haas <robertmhaas@gmail.com>,
David Rowley <david.rowley@2ndquadrant.com>,
Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2018-12-28T23:15:05Z
Lists: pgsql-hackers
Attachments
- make-random-seed-more-random-1.patch (text/x-diff) patch
I wrote: > Thomas Munro <thomas.munro@enterprisedb.com> writes: >> +1, but I wonder if just separating them is enough. Is our seeding >> algorithm good enough for this new purpose? The initial seed is 100% >> predictable to a logged in user (it's made from the backend PID and >> backend start time, which we tell you), and not even that hard to >> guess from the outside, so I think Coverity's warning is an >> understatement in this case. Even if we separate the PRNG state used >> for internal stuff so that users can't clobber its seed from SQL, >> wouldn't it be possible to predict which statements will survive the >> log sampling filter given easily available information and a good >> guess at how many times random() (or whatever similar thing) has been >> called so far? > Yeah, that's a good point. Maybe we should upgrade the per-process > seed initialization to make it less predictable. I could see expending > a call of the strong RNG to contribute some more noise to the seeds > selected in InitProcessGlobals(). Here's a simple patch to do so. Looking at this, I seem to remember that we considered doing exactly this awhile ago, but refrained because there was concern about depleting the system's reserve of entropy if we have a high backend spawn rate, and it didn't seem like there was a security reason to insist on unpredictable random() results. However, the log-sampling patch destroys the latter argument. As for the former argument, I'm not sure how big a deal that really is. Presumably, the act of spawning a backend would itself contribute some more entropy to the pool (particularly if a network connection is involved), so the depletion problem might be fictitious in the first place. Also, a few references I consulted, such as the Linux urandom(4) man page, suggest that even in a depleted-entropy state the results of reading /dev/urandom should be random enough for all but the very strictest security requirements. Thoughts? regards, tom lane
Commits
-
Use pg_strong_random() to select each server process's random seed.
- 4203842a1cd0 12.0 landed
-
Use a separate random seed for SQL random()/setseed() functions.
- 6645ad6bdd81 12.0 landed
-
Marginal performance hacking in erand48.c.
- 6b9bba2df8d4 12.0 landed
-
Fix latent problem with pg_jrand48().
- e09046641114 12.0 landed
- f256995e33d2 10.7 landed
- d58e01f8abe2 11.2 landed
-
Silence compiler warning
- 9dc122585551 12.0 landed
-
Add log_statement_sample_rate parameter
- 88bdbd3f7460 12.0 landed