[Python-Dev] Python startup time
INADA Naoki
songofacandy at gmail.com
Mon May 14 13:12:18 EDT 2018
I'm sorry, the word *will* may be stronger than I thought.
I meant if memory image dumped on disk is used casually,
it may make easier to make security hole.
For example, if `hg` memory image is reused, and it can be leaked in some
way,
hg serve will be hashdos weak.
I don't deny that it's useful and safe when it's used carefully.
Regards,
On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Tue, 15 May 2018 01:33:18 +0900
> INADA Naoki <songofacandy at gmail.com> wrote:
> >
> > It will broke hash randomization.
> >
> > See also: https://www.cvedetails.com/cve/CVE-2017-11499/
> I don't know why it would. The mechanism of pre-initializing a process
> which is re-used accross many requests is how most server applications
> of Python already work (you don't want to bear the cost of spawning
> a new interpreter for each request, as antiquated CGI does). I have not
> heard that it breaks hash randomization, so a similar mechanism on the
> CLI side shouldn't break it either.
> Regards
> Antoine.
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
https://mail.python.org/mailman/options/python-dev/songofacandy%40gmail.com
--
--
INADA Naoki <songofacandy at gmail.com>
More information about the Python-Dev
mailing list