Re: Re: [COMMITTERS] pgsql: Replace PostmasterRandom() with a stronger way of generating ran

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: [COMMITTERS] pgsql: Replace PostmasterRandom() with a stronger way of generating ran
Date: 2016-10-17 20:03:04
Message-ID: CA+TgmobqmaeKYJwMgVvmoHQnaMG7V2Je1uBmHBtD7g5VQL+ZTw@mail.gmail.com
Lists: pgsql-committers pgsql-hackers

On Mon, Oct 17, 2016 at 2:14 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> But in general, I think that being this picky about cancel keys on systems
> that are too old to have /dev/random is not really helpful to anybody.
> I don't recall any reports of anyone ever having a DOS situation from
> weak cancel keys. It's fine to upgrade our practice where it's convenient
> to do that, but taking away functionality on systems where it's not
> convenient isn't improving anyone's life.

Right. I strongly agree with that. If somebody's running on a
platform where they don't have a good source of entropy, they are
clearly going to still want query cancel to work. They are not going
to want ^C to start doing nothing, and they are *definitely* not going
to want PostgreSQL to fail to compile and/or start. pgcrypto is a
different situation, but I think it's just crazy to say that the
problems with cancel keys are so bad that we should just refuse to run
at all. Anyone who is in this situation has this problem not just
with PostgreSQL but with everything on their system that wishes it had
cryptographically strong random numbers, which is probably quite a bit
of stuff. We shouldn't take the position that a machine without a
good PRNG is a brick. They just have to accept that random number
generation will be weaker not only for PostgreSQL but for any software
whatever that they run on that machine.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
