Re: Eliminating the "rehash" mechanism for 5.18

On Tue, Oct 30, 2012 at 9:35 AM, Ed Avis <eda@waniasset.com> wrote:

> If the hash random seed isn't changed on forking, then


...there's a security weakness. Is it one we're willing to accept? Probably.

If you have a deamon written in Perl that forked off for every request, and
that the response shows the output



> conceivably a privileged daemon could fork off child process which drop
> their

privileges or run as a different user account.


Or perhaps if the child processes has outputs that are based on the hash
order of inputs placed in a hash. How many hashes does one need to build to
determine the seed?

• Eliminating the "rehash" mechanism for 5.18 by demerphq
• RE: Eliminating the "rehash" mechanism for 5.18 by bulk 88
• Re: Eliminating the "rehash" mechanism for 5.18 by David Golden
• Re: Eliminating the "rehash" mechanism for 5.18 by Peter Rabbitson
• Re: Eliminating the "rehash" mechanism for 5.18 by Eric Brine
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Ed Avis
• Re: Eliminating the "rehash" mechanism for 5.18 by Ævar Arnfjörð Bjarmason
• Re: Eliminating the "rehash" mechanism for 5.18 by Eric Brine
• Re: Eliminating the "rehash" mechanism for 5.18 by Leon Timmermans
• Re: Eliminating the "rehash" mechanism for 5.18 by Eric Brine
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Ed Avis
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Tony Cook
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Ruslan Zakirov
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Aristotle Pagaltzis
• Re: Eliminating the "rehash" mechanism for 5.18 by James E Keenan
• Re: Eliminating the "rehash" mechanism for 5.18 by Peter Rabbitson
• Re: Eliminating the "rehash" mechanism for 5.18 by Dave Mitchell
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Dave Mitchell
• Re: Eliminating the "rehash" mechanism for 5.18 by Peter Rabbitson
• Re: Eliminating the "rehash" mechanism for 5.18 by Jesse Luehrs
• Re: Eliminating the "rehash" mechanism for 5.18 by Ævar Arnfjörð Bjarmason
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• RE: Eliminating the "rehash" mechanism for 5.18 by bulk 88
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq
• Re: Eliminating the "rehash" mechanism for 5.18 by Peter Rabbitson
• RE: Eliminating the "rehash" mechanism for 5.18 by bulk 88
• Re: Eliminating the "rehash" mechanism for 5.18 by demerphq