[Python-Dev] Hash randomization and deterministic bytecode
Guido van Rossum
guido at python.org
Fri May 12 11:22:58 EDT 2017
Don't worry, the PYTHONHASHSEED setting does not get recorded in the
bytecode header and the generated bytecode (even if it sometimes differs in
trivial ways) is usable with all hash seed settings.
--Guido
On Fri, May 12, 2017 at 6:06 AM, Freddy Rietdijk <freddyrietdijk at fridh.nl>
wrote:
> Hi,
>
> On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash
> randomization. We do this to improve determinism of the builds because we
> store the bytecode next to the code.
>
> When one runs Python directly or via a script PYTHONHASHSEED is not set
> thus enabling hash randomization. Am I correct when I say that in this case
> Python still uses the reproducibly build bytecode and, because its now
> running with a random seed we wouldn't be vulnerable to
> http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also
> try to each time also recompile bytecode?
>
> Kind regards,
>
> Freddy
>
>
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/
> guido%40python.org
>
>
--
--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170512/3da5ccfd/attachment.html>
More information about the Python-Dev
mailing list