random order with rand() is foreseeing
random order with rand() is foreseeing
am 27.07.2002 15:41:46 von Steve Alberty
Description:
Description:
The problem is affected in combination with 'order by' and
'rand()'.
Please check the report under:
http://bugs.php.net/bug.php?id=13287&edit=1
How-To-Repeat:
You can compare my results with the method which is reported in
php
bug report number 13287
http://bugs.php.net/bug.php?id=13287&edit=1
Fix:
Rewrote the random routines. I think this is not only a small
bug,
it is a potentially security hole if someone using this type of
random
results in a security environment.
Category: mysql
Class: sw-bug
Release: mysql-4.0.2-alpha (Source distribution) and mysql-3.x.x
System: Linux tratos 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686
unknown
Architecture: i686
------------------------------------------------------------ ---------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail bugs-thread12233@lists.mysql.com
To unsubscribe, e-mail
Re: random order with rand() is foreseeing
am 29.07.2002 08:58:58 von Peter Zaitsev
On Saturday 27 July 2002 17:41, Steve Alberty wrote:
> Description:
> Description:
> =09The problem is affected in combination with 'order by' and
> 'rand()'.
> =09Please check the report under:
> =09http://bugs.php.net/bug.php?id=3D13287&edit=3D1
>
> How-To-Repeat:
> =09You can compare my results with the method which is reported in
Thank you for the bug report.
The problem was we initialize thread specific random seed with global one=
=20
which did not change so much between thread creations to lead to differen=
t=20
random number sequences. They were only shifted from each other on some=20
value, depending on server load.
Here is the patch for this problem. It may not be the final but at least =
it=20
solves the bug you reported.
--- 1.242/sql/mysqld.cc Mon Jul 15 15:33:52 2002
+++ 1.243/sql/mysqld.cc Mon Jul 29 10:54:58 2002
@@ -2250,7 +2250,11 @@
for (uint i=3D0; i < 8 ; i++) // Generate password=20
teststring
thd->scramble[i]=3D (char) (rnd(&sql_rand)*94+33);
thd->scramble[8]=3D0;
- thd->rand=3Dsql_rand;
+ /*=20
+ We need good random number initialization for new thread
+ Just coping global one will not work=20
+ */
+ randominit(&(thd->rand),(ulong) start_time,(ulong) thread_id);
thd->real_id=3Dpthread_self(); // Keep purify happy
=20
/* Start a new thread to handle connection */
--=20
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Peter Zaitsev
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Full-Time Developer
/_/ /_/\_, /___/\___\_\___/ Moscow, Russia
<___/ www.mysql.com M: +7 095 725 4955
------------------------------------------------------------ ---------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail bugs-thread12236@lists.mysql.com
To unsubscribe, e-mail
Re: random order with rand() is foreseeing
am 06.08.2002 00:29:00 von Michael Widenius
Hi!
>>>>> "Peter" == Peter Zaitsev writes:
Peter> On Saturday 27 July 2002 17:41, Steve Alberty wrote:
>> Description:
>> Description:
>> The problem is affected in combination with 'order by' and
>> 'rand()'.
>> Please check the report under:
>> http://bugs.php.net/bug.php?id=13287&edit=1
>>
>> How-To-Repeat:
>> You can compare my results with the method which is reported in
Peter> Thank you for the bug report.
Peter> The problem was we initialize thread specific random seed with global one
Peter> which did not change so much between thread creations to lead to different
Peter> random number sequences. They were only shifted from each other on some
Peter> value, depending on server load.
Peter> Here is the patch for this problem. It may not be the final but at least it
Peter> solves the bug you reported.
Peter> --- 1.242/sql/mysqld.cc Mon Jul 15 15:33:52 2002
Peter> +++ 1.243/sql/mysqld.cc Mon Jul 29 10:54:58 2002
Peter> @@ -2250,7 +2250,11 @@
Peter> for (uint i=0; i < 8 ; i++) // Generate password
Peter> teststring
thd-> scramble[i]= (char) (rnd(&sql_rand)*94+33);
thd-> scramble[8]=0;
Peter> - thd->rand=sql_rand;
Peter> + /*
Peter> + We need good random number initialization for new thread
Peter> + Just coping global one will not work
Peter> + */
Peter> + randominit(&(thd->rand),(ulong) start_time,(ulong) thread_id);
thd-> real_id=pthread_self(); // Keep purify happy
The above is almost ok; The problem is that start_time is a constant,
which will also not give a 'good' initialization value.
A better version is something like:
randominit(&(thd->rand),(ulong) (rnd(&sql_rand)*300000)+start_time,(ulong) thread_id);
I will fix this at once.
Regards,
Monty
------------------------------------------------------------ ---------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail bugs-thread12290@lists.mysql.com
To unsubscribe, e-mail
Re: random order with rand() is foreseeing
am 06.08.2002 00:38:31 von Michael Widenius
Hi!
>>>>> "Peter" == Peter Zaitsev writes:
Peter> On Saturday 27 July 2002 17:41, Steve Alberty wrote:
>> Description:
>> Description:
>> The problem is affected in combination with 'order by' and
>> 'rand()'.
>> Please check the report under:
>> http://bugs.php.net/bug.php?id=13287&edit=1
>>
>> How-To-Repeat:
>> You can compare my results with the method which is reported in
Peter> Thank you for the bug report.
Peter> The problem was we initialize thread specific random seed with global one
Peter> which did not change so much between thread creations to lead to different
Peter> random number sequences. They were only shifted from each other on some
Peter> value, depending on server load.
Peter> Here is the patch for this problem. It may not be the final but at least it
Peter> solves the bug you reported.
Peter> --- 1.242/sql/mysqld.cc Mon Jul 15 15:33:52 2002
Peter> +++ 1.243/sql/mysqld.cc Mon Jul 29 10:54:58 2002
Peter> @@ -2250,7 +2250,11 @@
Peter> for (uint i=0; i < 8 ; i++) // Generate password
Peter> teststring
thd-> scramble[i]= (char) (rnd(&sql_rand)*94+33);
thd-> scramble[8]=0;
Peter> - thd->rand=sql_rand;
Peter> + /*
Peter> + We need good random number initialization for new thread
Peter> + Just coping global one will not work
Peter> + */
Peter> + randominit(&(thd->rand),(ulong) start_time,(ulong) thread_id);
thd-> real_id=pthread_self(); // Keep purify happy
The above is almost ok; The problem is that start_time is a constant,
which will also not give a 'good' initialization value.
A better version is something like:
randominit(&(thd->rand),(ulong) (rnd(&sql_rand)*300000)+start_time,(ulong) thread_id);
I will fix this at once.
Regards,
Monty
------------------------------------------------------------ ---------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail bugs-thread12291@lists.mysql.com
To unsubscribe, e-mail