author | Benjamin Peterson <benjamin@python.org> | 2012-02-21 21:08:05 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2012-02-21 21:08:05 (GMT) |
commit | c9f54cf512996790266c17f81584c9725ee99d47 (patch) | |
tree | f1208c4e6d7a2f2065a9ebcac6d602eedf8aae66 /Misc | |
parent | 6ca5a4d49fdc55c2555a9692097e9966fd8b804f (diff) | |
enable hash randomization by default
Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/NEWS | 7 | ||||
-rw-r--r-- | Misc/python.man | 23 |
2 files changed, 6 insertions, 24 deletions
@@ -18,10 +18,9 @@ Core and Builtins - Issue #14051: Allow arbitrary attributes to be set of classmethod and staticmethod. -- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED - environment variable, to provide an opt-in way to protect against denial of - service attacks due to hash collisions within the dict and set types. Patch - by David Malcolm, based on work by Victor Stinner. +- Issue #13703: oCERT-2011-003: Randomize hashes of str and bytes to protect + against denial of service attacks due to hash collisions within the dict and + set types. Patch by David Malcolm, based on work by Victor Stinner. - Issue #13020: Fix a reference leak when allocating a structsequence object fails. Patch by Suman Saha. diff --git a/Misc/python.man b/Misc/python.man index ef42c4e..757d4d8 100644 --- a/Misc/python.man +++ b/Misc/python.man @@ -37,9 +37,6 @@ python \- an interpreted, interactive, object-oriented programming language .B \-OO ] [ -.B \-R -] -[ .B \-s ] [ @@ -151,18 +148,6 @@ Discard docstrings in addition to the \fB-O\fP optimizations. Do not print the version and copyright messages. These messages are also suppressed in non-interactive mode. .TP -.B \-R -Turn on "hash randomization", so that the hash() values of str, bytes and -datetime objects are "salted" with an unpredictable pseudo-random value. -Although they remain constant within an individual Python process, they are -not predictable between repeated invocations of Python. -.IP -This is intended to provide protection against a denial of service -caused by carefully-chosen inputs that exploit the worst case performance -of a dict insertion, O(n^2) complexity. See -http://www.ocert.org/advisories/ocert-2011-003.html -for details. -.TP .B \-s Don't add user site directory to sys.path. .TP 
@@ -418,9 +403,8 @@ specifying \fB\-v\fP multiple times. If this is set to a comma-separated string it is equivalent to specifying the \fB\-W\fP option for each separate value. .IP PYTHONHASHSEED -If this variable is set to "random", the effect is the same as specifying -the \fB-R\fP option: a random value is used to seed the hashes of str, -bytes and datetime objects. +If this variable is set to "random", a random value is used to seed the hashes +of str, bytes and datetime objects. If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for generating the hash() of the types covered by the hash randomization. Its @@ -429,8 +413,7 @@ interpreter itself, or to allow a cluster of python processes to share hash values. The integer must be a decimal number in the range [0,4294967295]. Specifying -the value 0 will lead to the same hash values as when hash randomization is -disabled. +the value 0 will disable hash randomization. .SH AUTHOR The Python Software Foundation: http://www.python.org/psf .SH INTERNET RESOURCES |
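Review bot: In the Misc/NEWS hunk, the rewritten Issue #13703 entry says hashes of "str and bytes" are randomized, while the Misc/python.man text in this same commit still says "str, bytes and datetime objects"; the two lists of affected types should agree. The new entry also no longer mentions PYTHONHASHSEED, which the man page keeps as the way to fix or disable the seed, so a short clause pointing readers to that variable would help anyone who needs reproducible hashes after upgrading.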
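Review bot: In the Misc/python.man hunk at @@ -151, removing the -R entry also removes the description of what hash randomization does (values are "salted", constant within one process, not predictable between invocations) and the pointer to http://www.ocert.org/advisories/ocert-2011-003.html, and none of that appears in the PYTHONHASHSEED text visible in this diff. Now that the behaviour is the default, move that paragraph under PYTHONHASHSEED instead of deleting it. The diff shown is limited to Misc, so it does not show whether the interpreter still accepts -R; if it does, keep a one-line entry saying the option is accepted and has no effect, so existing command lines remain documented.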
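Review bot: In the PYTHONHASHSEED hunk at @@ -418, the new sentence still reads as though a random seed is used only when the variable is set to "random", and it never says what happens when the variable is unset, which is the default case after this commit. State explicitly that leaving it unset and setting it to "random" behave the same. At @@ -429, "the value 0 will disable hash randomization" is clearer than the old wording; the integer-seed paragraph should also say that any fixed seed makes hash values repeatable across invocations and therefore gives up the protection against hash-collision denial of service that the NEWS entry describes.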