Re: random() (was Re: New GUC to sample log queries)
From | Tom Lane |
---|---|
Subject | Re: random() (was Re: New GUC to sample log queries) |
Date | |
Msg-id | 9585.1545939214@sss.pgh.pa.us |
In reply to | Re: random() (was Re: New GUC to sample log queries) (Peter Geoghegan <pg@bowt.ie>) |
Responses | Re: random() (was Re: New GUC to sample log queries) |
List | pgsql-hackers |
Peter Geoghegan <pg@bowt.ie> writes:
> On Wed, Dec 26, 2018 at 6:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Now, we could probably fix that with some less intrusive patch than
>> #define'ing random() --- in particular, if we give drandom and setseed
>> their own private PRNG state, we've really fixed the security exposure
>> without need to change anything else anywhere. So maybe we should
>> just do that and be happy.

> +1. I don't like the idea of #define'ing random() myself.

> We're already making fairly broad assumptions about our having control
> of the backend's PRNG state within InitProcessGlobals(). How should
> this affect the new drandom()/setseed() private state, if at all?

I would think that InitProcessGlobals would initialize drandom's seed
alongside random()'s seed. Hopefully to values not easily predictable
from each other -- see also Munro's comment, which I'll respond to in
a moment.

regards, tom lane
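The separation discussed in this message, sketched as an added example (not PostgreSQL source and not code from the thread): the SQL-visible generator keeps its own state, and process startup seeds it and the internal `random()` from two independent OS draws. The names `sql_prng_state`, `init_process_prngs`, `sql_setseed` and `sql_drandom`, the choice of `erand48()`, and reading `/dev/urandom` are all assumptions made for illustration.

```c
/* Added illustration, not PostgreSQL source; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>

/* Private state for the SQL-visible generator; internal code never reads it. */
static unsigned short sql_prng_state[3];

/* Fill buf from the OS randomness source; returns 0 on success. */
static int os_random_bytes(void *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Stand-in for per-process startup: two separate OS draws, unrelated seeds. */
int init_process_prngs(void)
{
    unsigned int internal_seed;
    if (os_random_bytes(&internal_seed, sizeof internal_seed) != 0 ||
        os_random_bytes(sql_prng_state, sizeof sql_prng_state) != 0)
        return -1;
    srandom(internal_seed);              /* seed for internal random() users */
    return 0;
}

/* setseed() analogue: maps [-1, 1] onto the 48-bit private state only. */
int sql_setseed(double seed)
{
    if (!(seed >= -1.0 && seed <= 1.0)) return -1;   /* also rejects NaN */
    unsigned long long v = (unsigned long long)((seed + 1.0) * 0.5 * 281474976710655.0);
    sql_prng_state[0] = (unsigned short)(v & 0xFFFF);
    sql_prng_state[1] = (unsigned short)((v >> 16) & 0xFFFF);
    sql_prng_state[2] = (unsigned short)((v >> 32) & 0xFFFF);
    return 0;
}

/* SQL random() analogue: advances only the private state. */
double sql_drandom(void) { return erand48(sql_prng_state); }

int main(void)
{
    if (init_process_prngs() != 0) return 1;
    printf("%f\n", sql_drandom());
    return 0;
}
```

With this layout, values handed to a SQL caller and seeds supplied by a SQL caller never touch the state behind internal `random()` calls, and the reverse also holds.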