tomcat-dev mailing list archives

From "George Sexton" <geor...@mhsoftware.com>
Subject RE: /dev/urandom usage
Date Sat, 15 Aug 2009 23:00:46 GMT
OK, I looked at this some more.

What's really happening is ManagerBase is using /dev/urandom if it exists in
getRandomBytes(). getRandom() is just a fallback if devRandomSource
(/dev/urandom) doesn't exist.

From digging deeper, it looks like StandardContext instantiates a copy of
StandardManager(). So, every context is opening the file.

Looking at StandardManager.stop() at around line 690, there's some code that
nulls out the random variable.

It seems like this doesn't take into account the use of /dev/urandom. So, a
call to StandardManager.stop() doesn't close the file handle. Shouldn't
there be something like:

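if (randomIS != null) {
 try {
  // Release the file handle opened on devRandomSource (/dev/urandom)
  randomIS.close();
 } catch (IOException ioe) {
  // Ignored: nothing more can be done if close() fails here
 } finally {
  randomIS = null;
 }
}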

Inserted into either StandardManager.stop() or ManagerBase.destroy()?


George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

> -----Original Message-----
> From: George Sexton [mailto:georges@mhsoftware.com]
> Sent: Friday, August 14, 2009 8:40 PM
> To: 'Tomcat Developers List'
> Subject: RE: /dev/urandom usage
> 
> > -----Original Message-----
> > From: Mark Thomas [mailto:markt@apache.org]
> > Sent: Friday, August 14, 2009 5:57 PM
> > To: Tomcat Developers List
> > Subject: Re: /dev/urandom usage
> >
> > George Sexton wrote:
> > > I've got a question and it's kind of a deep developer question.
> > >
> > > I was poking around today looking at my tomcat instance running under
> > > Linux.
> > >
> > > I was looking in the /proc/<pid>/fd directory, which is the list of file
> > > descriptors open by my servlet application.
> > >
> > > There are around 1400 open file descriptors. What I don't understand is why
> > > there are some 800+ file descriptors that are open to /dev/urandom. On this
> > > particular host there are some 400 configured hosts/contexts.
> > >
> > > On another server, there are 1100 file descriptors open to /dev/urandom. For
> > > this server, there are around 200 configured hosts/contexts.
> > >
> > > I'm using Sun JDK 1.6.0_14 on OpenSUSE 11.1. One machine is amd64
> > > architecture, while the other is i386.
> > >
> > > Does anyone have any idea what could be causing this? It seems kind of
> > > strange to have 800-1200 file descriptors open to one pseudo file.
> >
> > Take a look at ManagerBase.getRandom(). That probably explains the
> > majority of it.
> >
> > Mark
> 
> Hmmmm. You'll have to excuse me if this is a dumb question, but does that
> mean that each session is creating its own instance of
> java.security.SecureRandom, and each instance of java.security.SecureRandom
> is opening /dev/urandom?
> 
> 
> 
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
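
Added example, not part of the original message or of Tomcat's code: a Python sketch of the /proc/<pid>/fd check described in this thread, tallying open descriptors by target and reporting how many /dev/urandom handles exceed one per context. The one-per-context baseline and the function names are assumptions made for illustration.

```python
import os
import sys
from collections import Counter


def fd_targets(fd_dir):
    """Count what each descriptor in a /proc/<pid>/fd directory points to."""
    counts = Counter()
    for name in os.listdir(fd_dir):
        try:
            # Each entry is a symlink such as "7 -> /dev/urandom".
            counts[os.readlink(os.path.join(fd_dir, name))] += 1
        except OSError:
            # Descriptor was closed between listdir() and readlink(); skip it.
            continue
    return counts


def excess_handles(counts, target, contexts):
    """Descriptors on `target` beyond one per context (assumed baseline)."""
    return max(0, counts.get(target, 0) - contexts)


if __name__ == "__main__":
    # Usage: python fdcount.py <pid> <number of configured contexts>
    pid, contexts = sys.argv[1], int(sys.argv[2])
    counts = fd_targets(f"/proc/{pid}/fd")
    # Show the ten most common targets so a leaking handle stands out.
    for target, n in counts.most_common(10):
        print(f"{n:6d}  {target}")
    print("excess /dev/urandom handles:",
          excess_handles(counts, "/dev/urandom", contexts))
```

Running it before and after stopping or reloading a context shows whether the /dev/urandom count drops, which is what a close() in the stop path would produce.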


