[Python-Dev] Python startup time
INADA Naoki
songofacandy at gmail.com
Mon May 14 13:12:18 EDT 2018
More information about the Python-Dev mailing list
Mon May 14 13:12:18 EDT 2018
- Previous message (by thread): [Python-Dev] Python startup time
- Next message (by thread): [Python-Dev] Python startup time
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm sorry, the word *will* may be stronger than I thought. I meant if memory image dumped on disk is used casually, it may make easier to make security hole. For example, if `hg` memory image is reused, and it can be leaked in some way, hg serve will be hashdos weak. I don't deny that it's useful and safe when it's used carefully. Regards, On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <solipsis at pitrou.net> wrote: > On Tue, 15 May 2018 01:33:18 +0900 > INADA Naoki <songofacandy at gmail.com> wrote: > > > > It will broke hash randomization. > > > > See also: https://www.cvedetails.com/cve/CVE-2017-11499/ > I don't know why it would. The mechanism of pre-initializing a process > which is re-used accross many requests is how most server applications > of Python already work (you don't want to bear the cost of spawning > a new interpreter for each request, as antiquated CGI does). I have not > heard that it breaks hash randomization, so a similar mechanism on the > CLI side shouldn't break it either. > Regards > Antoine. > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/songofacandy%40gmail.com -- -- INADA Naoki <songofacandy at gmail.com>
- Previous message (by thread): [Python-Dev] Python startup time
- Next message (by thread): [Python-Dev] Python startup time
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list