#6648 closed Cleanup/optimization (worksforme)
random seed identical among preforked FastCGI instances
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Core (Other) | Version: | dev |
Severity: | Normal | Keywords: | random seed fastcgi fcgi prefork |
Cc: | flori@…, mmitar@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
While writing a basic captcha module, I was encountering a lot of duplicate strings of "random" text that I could not explain. Then I remembered seeing this comment on a separate session issue: http://code.djangoproject.com/ticket/1180#comment:20
Based on that info, I setup some extra logging, and it did appear that each of my FastCGI threads were producing identical random values. I was specifically using a call like this: random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ'). It's possible other random methods are not affected, I was only interested in that one. It seems the random seed is set prior to the fork, and each forked process thereafter produces identical random output as a result.
In my setup, I run manage.py with method=prefork, runfcgi, and a static number of processes. This is on an Ubuntu Gutsy AMD 64-bit (on Xen) with Python 2.5.1. I'm currently running against SVN Django, revision 7049.
My workaround was to add a middleware class with an init function that sets the random seed. This gets called at "startup" in each of the new FCGI processes, giving them unique random output. Obviously not ideal, but it gets the job done in my case.
import logging, logging.config import os, random, time class ReseedRandom(object): def __init__(self): logging.debug("setting new random seed for this process") random.seed("%d%s" % (os.getpid(), time.ctime()))
It would be much cleaner if the manage.py FCGI launcher could seed its random number generator AFTER the fork occurs, rather than before (or not at all, as the case may be).
Attachments (2)
Change History (16)
comment:1 by , 17 years ago
Triage Stage: | Unreviewed → Design decision needed |
---|
by , 16 years ago
Attachment: | 6648_fix_random_number_generator_fcgi_fork.diff added |
---|
comment:2 by , 16 years ago
Has patch: | set |
---|---|
Triage Stage: | Design decision needed → Unreviewed |
I can reproduce this - my users could :(
Given the following view and lighty+fastcgi+prefork:
def do_random(request): return HttpResponse(random.sample('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 5))
Produces in subsequent requests:
XDQIU AJMNL JIQXN XDQIU IROXL AJMNL YAPJL CUYOK ODKLA JIQXN WACZR IROXL CYUJE SNQLX YAPJL CUYOK UMOWL ODKLA PIXQG WACZR CYUJE
which is *NOT* random.
Applying the patch, the same view produces
QBLDN THPXF VSJQB RIPTF EZQRL OSNZY HQSOB VJSED HQBTO UTOJI VSTFY NHPBY QMITZ WJGZB QVDRN QCIOT GWYVQ RGZHE TXHKI
which seems fairly random.
comment:3 by , 16 years ago
Cc: | added |
---|
comment:4 by , 16 years ago
Cc: | added; removed |
---|
comment:5 by , 16 years ago
Component: | Uncategorized → Core framework |
---|
Reported this upstream:
http://trac.saddi.com/flup/ticket/35
I think, django should to add the workaround though.
comment:7 by , 16 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:8 by , 16 years ago
The current patch is broken.
ctime() will only produce different output each second (an example output is 'Mon Apr 27 14:18:38 2009'), so the same process will get the same random seed if two requests are handed to it during the same second.
It would be better to use something like random.seed("%d%f" % (getpid(), time())) , but I'm unsure if this is the correct way to fix this issue, so I won't submit a patch.
comment:9 by , 15 years ago
Actually by using '%d%f' % (getpid(), time()) you're usually decreasing the randomness of the generator since if you don't pass anything then os.urandom() will be used on most supporting operating systems (windows and linux for example), which is more random than hash() which will be used in the case of passing a string to seed().
comment:10 by , 14 years ago
Type: | → Cleanup/optimization |
---|
comment:11 by , 14 years ago
Easy pickings: | unset |
---|---|
Patch needs improvement: | set |
Severity: | → Normal |
6648_fix_random_number_generator_fcgi_fork.diff fails to apply cleanly on to trunk
by , 13 years ago
Attachment: | 6648_fix_random_number_generator_fcgi_fork-2.diff added |
---|
For Django 1.3+
comment:12 by , 13 years ago
Cc: | added |
---|---|
Patch needs improvement: | unset |
UI/UX: | unset |
I have attached a new patch version. It simply calls random.seed()
as this itself tries to initialize from os.urandom
if available or current time.
I came upon this problem with current Django version and python-flup package from Debian (1.0.2).
comment:13 by , 12 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
nginx + flup from pypi (both 1.0.2 and 1.0.3.dev-20110405) seem to work for me.
comment:14 by , 12 years ago
Have you tried preforking?
Could there be a test case made which would somehow test this?
Resets the random number generator's seed for each fcgi-child