I have added code to the postmaster to generate a random cancel key by
calling gettimeofday() on postmaster startup and on the first invocation
of a backend, and merged the micro-seconds of the two times to seed the
random number generator.
I added a PostmasterRandom() function which returns a random that is
XOR'ed with the original random seed, so it it not possible to take a
given cancel key and predict future random keys.
The only way you could do it would be to call random in your backend,
and somehow find the PREVIOUS random value. You could XOR it with your
cancel key to find the original seed, and then try going forward to
predict the next cancel value. Seems impossible to me.
This fulfills two goals, to make the random seed truly random, so the
cancel keys are not guess-able, and to make seeing your own cancel key
almost useless in computing other cancel keys. Not sure if you can
predict forward, but it is probably impossible to predict randoms
backward on any of our supported platforms.
Patch is posted to patches list.
Now I need help in passing the value to the font-end, and having the
front-end pass it to the backend for a cancel. I do not recommend
passing the pid because I will store the cancel key in the per-backend
structure, so having the pid does not help me find the backend. Might
as well just scan the table to find the matching cancel key, and kill
that backend. We will have to store the pid in the structure, but that
is easy to do.
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
