author | Benjamin Peterson <benjamin@python.org> | 2012-02-21 21:08:05 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2012-02-21 21:08:05 (GMT) |
commit | c9f54cf512996790266c17f81584c9725ee99d47 (patch) | |
tree | f1208c4e6d7a2f2065a9ebcac6d602eedf8aae66 /Doc | |
parent | 6ca5a4d49fdc55c2555a9692097e9966fd8b804f (diff) | |
enable hash randomization by default
Diffstat (limited to 'Doc')
-rw-r--r-- | Doc/reference/datamodel.rst | 24 |
-rw-r--r-- | Doc/using/cmdline.rst | 10 |
2 files changed, 27 insertions, 7 deletions
diff --git a/Doc/reference/datamodel.rst b/Doc/reference/datamodel.rst index 85953ad..3fb0bf6 100644 --- a/Doc/reference/datamodel.rst +++ b/Doc/reference/datamodel.rst @@ -1277,7 +1277,29 @@ Basic customization inheritance of :meth:`__hash__` will be blocked, just as if :attr:`__hash__` had been explicitly set to :const:`None`. - See also the :option:`-R` command-line option. + + .. note:: + + Note by default the :meth:`__hash__` values of str, bytes and datetime + objects are "salted" with an unpredictable random value. Although they + remain constant within an individual Python process, they are not + predictable between repeated invocations of Python. + + This is intended to provide protection against a denial-of-service caused + by carefully-chosen inputs that exploit the worst case performance of a + dict insertion, O(n^2) complexity. See + http://www.ocert.org/advisories/ocert-2011-003.html for details. + + Changing hash values affects the order in which keys are retrieved from a + dict. Although Python has never made guarantees about this ordering (and + it typically varies between 32-bit and 64-bit builds), enough real-world + code implicitly relies on this non-guaranteed behavior that the + randomization is disabled by default. + + See also :envvar:`PYTHONHASHSEED`. + + .. versionchanged:: 3.3 + Hash randomization is enabled by default. .. method:: object.__bool__(self) diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index b97dbcd..64d453e 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -24,7 +24,7 @@ Command line When invoking Python, you may specify any of these options:: - python [-bBdEhiORqsSuvVWx?] [-c command | -m module-name | script | - ] [args] + python [-bBdEhiOqsSuvVWx?] [-c command | -m module-name | script | - ] [args] The most common use case is, of course, a simple invocation of a script:: 
@@ -486,9 +486,8 @@ These environment variables influence Python's behavior. .. envvar:: PYTHONHASHSEED - If this variable is set to ``random``, the effect is the same as specifying - the :option:`-R` option: a random value is used to seed the hashes of str, - bytes and datetime objects. + If this variable is set to ``random``, a random value is used to seed the + hashes of str, bytes and datetime objects. If :envvar:`PYTHONHASHSEED` is set to an integer value, it is used as a fixed seed for generating the hash() of the types covered by the hash @@ -499,8 +498,7 @@ These environment variables influence Python's behavior. values. The integer must be a decimal number in the range [0,4294967295]. Specifying - the value 0 will lead to the same hash values as when hash randomization is - disabled. + the value 0 will disable hash randomization. .. versionadded:: 3.2.3 |
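Review bot: In the note added to Doc/reference/datamodel.rst, the third paragraph ends with "the randomization is disabled by default", which contradicts both the `.. versionchanged:: 3.3` text added a few lines later ("Hash randomization is enabled by default") and the commit subject. Suggest rewording that paragraph to say that code relying on dict ordering can break now that randomization is on, and that :envvar:`PYTHONHASHSEED` gives a fixed seed for such cases. Two smaller points in the same note: "Note by default" is redundant inside a `.. note::` directive ("By default, the ..." is enough), and "worst case performance of a dict insertion, O(n^2) complexity" reads as if a single insertion were quadratic; the quadratic cost applies to inserting n colliding keys.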
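Review bot: The synopsis line in Doc/using/cmdline.rst drops `R` from the option string, but no hunk touches the description of the -R option itself: the diffstat's 10 changed lines for this file are all accounted for by the three hunks shown. If the interpreter still accepts -R, keep it in the synopsis and document it as kept for compatibility with no effect; if the option is removed, its description should go in the same change so the synopsis and the option list agree.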
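Review bot: In the PYTHONHASHSEED hunk at line 486, the rewritten first sentence covers only the value ``random`` and nothing says what happens when the variable is unset. With randomization now on by default, the unset case is the one most readers will hit, so state it explicitly, for example "If this variable is not set or set to ``random``, a random value is used to seed the hashes of str, bytes and datetime objects."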
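Review bot: The last cmdline.rst hunk (line 499) changes the meaning given for 0 to "will disable hash randomization", yet the entry still ends with only `.. versionadded:: 3.2.3`. The default change is recorded with `.. versionchanged:: 3.3` in datamodel.rst; a matching `versionchanged` here would tell readers of the environment variable documentation when the default behaviour changed.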