Opened 7 years ago

Closed 6 years ago

#456 closed enhancement (fixed)

ngx_random: random number generator initialized (srandom) to same value for all processes

Reported by: Thomas Lochmatter Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.3.x
Keywords: ngx_random, random number generator, random, srandom, rng, prng Cc:
uname -a: Linux croppola 3.2.45-xenU-7899-x86_64 #6 SMP Tue May 21 12:39:46 UTC 2013 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.5.7
built by gcc 4.7.2 (Debian 4.7.2-5)
TLS SNI support enabled
configure arguments: --with-http_stub_status_module --with-http_ssl_module --with-http_spdy_module --add-module=/path/to/croppola/module

Description

In src/os/unix/ngx_posix_init.c, the line

srandom(ngx_time());

is used to initialize the PRNG. Since all worker processes are started at roughly the same time, ngx_time() is very likely to return the same value. Hence, the processes are likely to use the same initial PRNG value, and therefore produce the same random sequence.

Suggestion:

srandom((ngx_getpid() << 16) ^ ngx_time());

to combine the process ID and the time.

Change History (4)

comment:1 by Maxim Dounin, 7 years ago

Status: newaccepted

Initialization in question is done in a master process, and changing it to use pid won't help. Something like this should do the trick:

diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -959,6 +959,8 @@ ngx_worker_process_init(ngx_cycle_t *cyc
                       "sigprocmask() failed");
     }
 
+    srandom((ngx_pid << 16) ^ ngx_time());
+
     /*
      * disable deleting previous events for the listening sockets because
      * in the worker processes there are no events at all at this point
diff --git a/src/os/win32/ngx_win32_init.c b/src/os/win32/ngx_win32_init.c
--- a/src/os/win32/ngx_win32_init.c
+++ b/src/os/win32/ngx_win32_init.c
@@ -228,7 +228,7 @@ ngx_os_init(ngx_log_t *log)
         ngx_sprintf((u_char *) ngx_unique, "%P%Z", ngx_pid);
     }
 
-    srand((unsigned) ngx_time());
+    srand((ngx_pid << 16) ^ ((unsigned) ngx_time()));
 
     return NGX_OK;
 }

comment:2 by Thomas Lochmatter, 7 years ago

Great - thank you very much for the quick help.

comment:3 by Maxim Dounin <mdounin@…>, 6 years ago

In b91bcba2935185ad1e0c2568b8d4450c5b94b9f2/nginx:

Added per-process random seeding (ticket #456).

comment:4 by Maxim Dounin, 6 years ago

Resolution: fixed
Status: acceptedclosed

Fix committed, thanks.

Note: See TracTickets for help on using tickets.