On 14/05/2018 at 19:12, INADA Naoki wrote:
> I'm sorry, the word *will* may be stronger than I thought.
>
> I meant if a memory image dumped on disk is used casually,
> it may make it easier to make a security hole.
>
> For example, if `hg` memory image is reused, and it can be leaked in some
> way, hg serve will be hashdos weak.

This discussion subthread is not about having a memory image dumped on disk, but a daemon utility that preloads a new Python process when you first start up your CLI application. Each time a new process is preloaded, it will by construction use a new hash seed.

(By contrast, the Node.js CVE issue you linked to is about having the same hash seed across a Node.js version; that's disastrous.)

Also you add a reuse limit to ensure that the hash seed is rotated (e.g. every 100 invocations).

Regards

Antoine.
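The two properties discussed in the message above, as an added example that is not part of the original thread or of any preloader project: a freshly started interpreter draws its own hash seed, while a pinned seed (standing in for a reused memory image) yields identical string hashes in every process. `str_hash_in_fresh_process` and `RotatingSeedPool` are hypothetical names, and the pool only models the reuse limit; it does not preload anything.

```python
import os
import subprocess
import sys

PROBE = "print(hash('hg serve'))"  # constructed probe string


def str_hash_in_fresh_process(seed=None):
    """Start a new interpreter and return its hash() of a fixed string.

    seed=None leaves hash randomization on (new random seed per process);
    an integer pins PYTHONHASHSEED, modelling a reused memory image.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit a pinned seed
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.run([sys.executable, "-c", PROBE], env=env,
                         capture_output=True, text=True, check=True)
    return int(out.stdout)


class RotatingSeedPool:
    """Model of a reuse limit: one seed serves at most `limit` invocations."""

    def __init__(self, limit=100):
        self.limit = limit
        self.used = 0
        self.seed = self._new_seed(None)

    @staticmethod
    def _new_seed(previous):
        # PYTHONHASHSEED accepts integers in 0..4294967295.
        while True:
            candidate = int.from_bytes(os.urandom(4), "big")
            if candidate != previous:
                return candidate

    def next_seed(self):
        if self.used >= self.limit:  # limit reached: rotate the seed
            self.seed, self.used = self._new_seed(self.seed), 0
        self.used += 1
        return self.seed


if __name__ == "__main__":
    print("fresh processes:", [str_hash_in_fresh_process() for _ in range(3)])
    print("pinned seed    :", [str_hash_in_fresh_process(1234) for _ in range(3)])
    pool = RotatingSeedPool(limit=3)
    print("seed per call  :", [pool.next_seed() for _ in range(7)])
```
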