develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Eliminating the "rehash" mechanism for 5.18

Thread Previous | Thread Next
Ævar Arnfjörð Bjarmason
October 30, 2012 07:05
Re: Eliminating the "rehash" mechanism for 5.18
Message ID:
On Tue, Oct 30, 2012 at 2:35 PM, Ed Avis <> wrote:
> If the hash random seed isn't changed on forking, then conceivably a privileged
> daemon could fork off child process which drop their privileges or run as a
> different user account.  A core dump file from one of those children could be
> used to extract the random seed and attack the parent.  But this probably isn't
> worth worrying about, since if you have the core dump you probably have all sorts
> of garbage data from the parent process, which is already an information leak at
> the least.

Regarding all these security considerations: Since the widely
publicized attacks on pretty much every modern language that wasn't
Perl a while back Ruby, Java etc. all changed their hash
implementations to do some variant of randomized hashing.

It's very likely that all the thing being brought up here have been
discussed by those camps and have been security audited, so finding
out how they dealt with it would be very informative.

I haven't done so, but it would make for very useful input for this

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About