From: KOSAKI Motohiro <kosaki.motohiro@...>
Date: 2011-04-16T12:47:30+09:00
Subject: [ruby-core:35782] Re: [Ruby 1.9 - Bug #4579] SecureRandom + OpenSSL may repeat with fork

Hi

> Motohiro: I don't know you're serious or not about using pthread_atfork(), we should ask to change OpenSSL's "1 time initialization by RAND_poll() per process when using built-in MD based RPNG engine" strategy if we really want.

It's ruby's spec. We already decided random seed should reinitialize per fork.

void rb_thread_atfork(void)
{
    rb_thread_atfork_internal(terminate_atfork_i);
    GET_THREAD()->join_list_head = 0;

    /* We don't want reproduce CVE-2003-0900. */
    rb_reset_random_seed();
}

Now, SecureRandom is insecure than normal random from fork issue. It's
rather than unhappy.