[issue13703] Hash collision security issue
Barry A. Warsaw
report at bugs.python.org
Tue Feb 21 16:42:34 CET 2012
Barry A. Warsaw <barry at python.org> added the comment:

On Feb 21, 2012, at 09:48 AM, Marc-Andre Lemburg wrote:

>The flag should probably be removed - simply because
>the env var is not a flag, it's a configuration parameter.
>
>Exposing the seed value as sys.hashseed would be better and more useful
>to applications.

Okay, after chatting with __ap__ on IRC, here's what I think the behavior
should be:

sys.flags.hash_randomization should contain just the value given by the -R
flag. It should only be True if the flag is present, False otherwise.

sys.hash_seed contains the hash seed, set by virtue of the flag or envar. It
should contain the *actual* seed value used. E.g. it might be zero, the
explicitly set integer, or the randomly selected seed value in use during this
Python execution if a random seed was requested.

If you really need the envar value, getenv('PYTHONHASHSEED') is good enough
for that.

----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
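
An added example, not part of the original message or of CPython itself: the script below starts child interpreters under different PYTHONHASHSEED settings and records what each one reports in sys.flags.hash_randomization and whether hash('abc') repeats between runs, which is how a deployment can check that string hashing is actually randomized. It observes the behaviour of whatever interpreter runs it (assumed to be CPython 3.3 or later); the names probe and survey are hypothetical helpers.

```python
import os
import subprocess
import sys

# Child program: report the randomization flag and the hash of a fixed string.
CHILD = "import sys; print(sys.flags.hash_randomization, hash('abc'))"


def probe(seed):
    """Run a fresh interpreter with PYTHONHASHSEED=seed (None means unset).

    Returns (hash_randomization_flag, hash_of_abc) as seen by the child.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit the parent's setting
    if seed is not None:
        env["PYTHONHASHSEED"] = seed
    out = subprocess.check_output([sys.executable, "-c", CHILD], env=env)
    flag, value = out.decode().split()
    return int(flag), int(value)


def survey(seeds=(None, "random", "0", "12345")):
    """Probe each setting twice; record the flag and whether hashes repeat."""
    results = {}
    for seed in seeds:
        (flag, first), (_, second) = probe(seed), probe(seed)
        results[seed] = {"flag": flag, "reproducible": first == second}
    return results


if __name__ == "__main__":
    for seed, info in survey().items():
        print("PYTHONHASHSEED=%r -> flag=%d reproducible=%s"
              % (seed, info["flag"], info["reproducible"]))
```

A setting that shows reproducible hashes gives every process the same hash values for the same strings, so the collision protection discussed in this issue depends on the seed being random or secret.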