diff options
| author | Georg Brandl <georg@python.org> | 2012-02-20 20:31:46 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2012-02-20 20:31:46 (GMT) |
| commit | 09a7c72cad48f568e0781541167cf9ea6a3f0760 (patch) | |
| tree | d925894bfc3662e33c03ff7b6b2c5e9e38749b73 /Misc/python.man | |
| parent | fee358b0df547e9451cfb0b3d25980e6cc7177cc (diff) | |
| parent | 2daf6ae2495c862adf8bc717bfe9964081ea0b10 (diff) | |
| download | cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.zip cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.gz cpython-09a7c72cad48f568e0781541167cf9ea6a3f0760.tar.bz2 | |
Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.
The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
Diffstat (limited to 'Misc/python.man')
| -rw-r--r-- | Misc/python.man | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Misc/python.man b/Misc/python.man index 3dca604..fc3566f 100644 --- a/Misc/python.man +++ b/Misc/python.man @@ -37,6 +37,9 @@ python \- an interpreted, interactive, object-oriented programming language .B \-OO ] [ +.B \-R +] +[ .B -Q .I argument ] @@ -152,6 +155,18 @@ Discard docstrings in addition to the \fB-O\fP optimizations. Do not print the version and copyright messages. These messages are also suppressed in non-interactive mode. .TP +.B \-R +Turn on "hash randomization", so that the hash() values of str, bytes and +datetime objects are "salted" with an unpredictable pseudo-random value. +Although they remain constant within an individual Python process, they are +not predictable between repeated invocations of Python. +.IP +This is intended to provide protection against a denial of service +caused by carefully-chosen inputs that exploit the worst case performance +of a dict insertion, O(n^2) complexity. See +http://www.ocert.org/advisories/ocert-2011-003.html +for details. +.TP .BI "\-Q " argument Division control; see PEP 238. The argument must be one of "old" (the default, int/int and long/long return an int or long), "new" (new @@ -413,6 +428,20 @@ specifying \fB\-v\fP multiple times. .IP PYTHONWARNINGS If this is set to a comma-separated string it is equivalent to specifying the \fB\-W\fP option for each separate value. +.IP PYTHONHASHSEED +If this variable is set to "random", the effect is the same as specifying +the \fB-R\fP option: a random value is used to seed the hashes of str, +bytes and datetime objects. + +If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for +generating the hash() of the types covered by the hash randomization. Its +purpose is to allow repeatable hashing, such as for selftests for the +interpreter itself, or to allow a cluster of python processes to share hash +values. + +The integer must be a decimal number in the range [0,4294967295]. Specifying +the value 0 will lead to the same hash values as when hash randomization is +disabled. .SH AUTHOR The Python Software Foundation: http://www.python.org/psf .SH INTERNET RESOURCES |