develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Eliminating the "rehash" mechanism for 5.18

Thread Previous | Thread Next
Eric Brine
October 30, 2012 14:58
Re: Eliminating the "rehash" mechanism for 5.18
Message ID:
On Tue, Oct 30, 2012 at 9:35 AM, Ed Avis <> wrote:

> If the hash random seed isn't changed on forking, then

...there's a security weakness. Is it one we're willing to accept? Probably.

If you have a deamon written in Perl that forked off for every request, and
that the response shows the output

> conceivably a privileged daemon could fork off child process which drop
> their

privileges or run as a different user account.

Or perhaps if the child processes has outputs that are based on the hash
order of inputs placed in a hash. How many hashes does one need to build to
determine the seed?

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About