fix: no-op math.randomseed() once called by Kong #1558
Conversation
thibaultcha
force-pushed
the
fix/noop-randomseed
branch
from
1dea58a to
c880d05
Compare
| ngx.log(ngx.DEBUG, "seeding random number generator for worker ", | ||
| ngx.worker.id(), " with: ", seed) | ||
| -- luacheck: globals math | ||
| math.randomseed = function()end |
There was a problem hiding this comment.
isn't this too late? it replaces it when seeding, so any other module might have cached the original function and still call it.
So store the original in an upvalue, and replace upon module loading? and then even make sure it is loaded first...
There was a problem hiding this comment.
btw maybe cleaner to create a new module globalpatches or something similar. And just replace math.randomseed with the one from lua-resty-jit-uuid.
Or even update lua-resty-jit-uuid to make its randomseed signature like randomseed(seed, cmd) where cmd could be either string 'patch' (patches the global randomseed), or 'force' (forces a new randomseed anyway, to be called from worker_init).
thibaultcha
force-pushed
the
fix/noop-randomseed
branch
from
c880d05 to
58e39e5
Compare
|
Patch updated |
| elseif not seed then | ||
| seed = ngx.time() * ngx.worker.pid() | ||
| ngx.log(ngx.DEBUG, "seeding random number generator for worker ", | ||
| ngx.worker.id(), " with: ", seed) |
There was a problem hiding this comment.
not a typo but will also include pid
|
I like it in a new module for global patches, stands out cleanly. lgtm! |
thibaultcha
added
pr/ready (but hold merge)
thibaultcha
force-pushed
the
fix/noop-randomseed
branch
2 times, most recently
from
f1ae43f to
ab69a62
Compare
Patch `math.random` to prevent it from being called by another context than init_worker, and especially to prevent it from being called multiple times. It is being patched very early in Kong's runtime so we're sure no other module has time to cache the original `math.random` function. * implement a `globalpatches.lua` module for modifying `_G`. * seed in init_worker with `math.randomseed`
Summary
This replaces #1554, since the improved seeding technique was not an
appropriate fix. To this point, I do not think it is worth investing in such a
complex seeding technique as the root of the issue really was the
continuous use of
math.randomseed()by one of Lapis' utilities.Changes
math.randomseed()to preventthird-party modules from overriding our correct seed (many modules
make a wrong usage of
math.randomseed()by calling it multiple timesor do not use unique seed for Nginx workers.
uuid.seed()changesUpdate:
fix: patch math.randomseed() to prevent invalid calls …
Patch
math.randomto prevent it from being called by another contextthan init_worker, and especially to prevent it from being called
multiple times. It is being patched very early in Kong's runtime so
we're sure no other module has time to cache the original
math.randomfunction.
globalpatches.luamodule for modifying_G.math.randomseed