[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Colm Buckley
report at bugs.python.org
Tue Jun 7 12:04:21 EDT 2016
Colm Buckley added the comment:
Donald -
To be clear - no import of random or of hashlib is required to trigger this issue. The null script alone triggers the issue; the Python hash secret is initialized at startup regardless of script contents.
Yes, there is a race condition at system boot which we can probably resolve with userspace manipulations. I still feel that having Python hang indefinitely under certain circumstances, even when the application does not require any entropy, is a violation of the principle of least surprise. At the very least, there should be a command-line flag to disable "secure" initialization of the hash secret.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26839>
_______________________________________
More information about the Python-bugs-list
mailing list