Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/NEWS | 5 |
-rw-r--r-- | Misc/python.man | 29 |
2 files changed, 34 insertions, 0 deletions
@@ -10,6 +10,11 @@ What's New in Python 3.1.5? Core and Builtins ----------------- +- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED + environment variables, to provide an opt-in way to protect against denial of + service attacks due to hash collisions within the dict and set types. Patch + by David Malcolm, based on work by Victor Stinner. + Library ------- diff --git a/Misc/python.man b/Misc/python.man index 411a43a..5b4eeef 100644 --- a/Misc/python.man +++ b/Misc/python.man @@ -34,6 +34,9 @@ python \- an interpreted, interactive, object-oriented programming language .B \-OO ] [ +.B \-R +] +[ .B -Q .I argument ] @@ -145,6 +148,18 @@ to \fI.pyo\fP. Given twice, causes docstrings to be discarded. .B \-OO Discard docstrings in addition to the \fB-O\fP optimizations. .TP +.B \-R +Turn on "hash randomization", so that the hash() values of str, bytes and +datetime objects are "salted" with an unpredictable pseudo-random value. +Although they remain constant within an individual Python process, they are +not predictable between repeated invocations of Python. +.IP +This is intended to provide protection against a denial of service +caused by carefully-chosen inputs that exploit the worst case performance +of a dict insertion, O(n^2) complexity. See +http://www.ocert.org/advisories/ocert-2011-003.html +for details. +.TP .BI "\-Q " argument Division control; see PEP 238. The argument must be one of "old" (the default, int/int and long/long return an int or long), "new" (new 
@@ -403,6 +418,20 @@ the \fB\-u\fP option. If this is set to a non-empty string it is equivalent to specifying the \fB\-v\fP option. If set to an integer, it is equivalent to specifying \fB\-v\fP multiple times. +.IP PYTHONHASHSEED +If this variable is set to "random", the effect is the same as specifying +the \fB-R\fP option: a random value is used to seed the hashes of str, +bytes and datetime objects. + +If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for +generating the hash() of the types covered by the hash randomization. Its +purpose is to allow repeatable hashing, such as for selftests for the +interpreter itself, or to allow a cluster of python processes to share hash +values. + +The integer must be a decimal number in the range [0,4294967295]. Specifying +the value 0 will lead to the same hash values as when hash randomization is +disabled. .SH AUTHOR The Python Software Foundation: http://www.python.org/psf .SH INTERNET RESOURCES |
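Review bot: In the Misc/NEWS entry, "PYTHONHASHSEED environment variables" is plural although the patch adds a single variable; it should read "environment variable".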
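Review bot: In the -R description added to Misc/python.man, "the worst case performance of a dict insertion, O(n^2) complexity" attributes the quadratic cost to a single insertion, whereas the quadratic cost is that of inserting n colliding keys, with each individual insertion degrading to O(n). Suggest wording along the lines of "the worst case performance of building a dict, O(n^2) in the number of keys". The NEWS entry names both dict and set, so set should be mentioned here too, and since NEWS calls the option opt-in, the man page should say that hash randomization is off unless -R or PYTHONHASHSEED is given.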
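Review bot: The PYTHONHASHSEED text added to Misc/python.man presents a fixed integer seed as a way to get repeatable hashing but never says that this makes hash() values predictable again, so the protection described under -R is lost for any process whose seed can be learned or guessed; the closing sentence says so only for the value 0. Add a sentence stating that trade-off for every fixed seed, so that the "cluster of python processes" use case is not read as a safe default. The range sentence ("must be a decimal number in the range [0,4294967295]") should also state what the interpreter does with a value that is out of range or not decimal. Minor style points: the paragraphs here are separated by blank lines where the -R entry uses .IP, and \fB-R\fP is written without the escaped hyphen used by \fB\-v\fP in the surrounding context.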