develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Eliminating the "rehash" mechanism for 5.18

Thread Previous | Thread Next
Ed Avis
October 30, 2012 06:36
Re: Eliminating the "rehash" mechanism for 5.18
Message ID:
If the hash random seed isn't changed on forking, then conceivably a privileged
daemon could fork off child process which drop their privileges or run as a
different user account.  A core dump file from one of those children could be
used to extract the random seed and attack the parent.  But this probably isn't
worth worrying about, since if you have the core dump you probably have all sorts
of garbage data from the parent process, which is already an information leak at
the least.

Ed Avis <>

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About