">

(original) (raw)

On 1/5/2012 4:10 PM, Nick Coghlan wrote: 
On Fri, Jan 6, 2012 at 8:15 AM, Serhiy Storchaka <storchaka@gmail.com> wrote:  

05.01.12 21:14, Glenn Linderman написав(ла):  

  
So, fixing the vulnerable packages could be a sufficient response,  
rather than changing the hash function. How to fix? Each of those  
above allocates and returns a dict. Simply have each of those allocate  
and return and wrapped dict, which has the following behaviors:


i) during __init__, create a local, random, string.
ii) for all key values, prepend the string, before passing it to the
internal dict.




Good idea.





Thanks for the implementation, Serhiy. That is the sort of thing I
had in mind, indeed.


Not a good idea - a lot of the 3rd party tests that depend on dict
ordering are going to be using those modules anyway,




Stats? Didn't someone post a list of tests that fail when changing
the hash? Oh, those were stdlib tests, not 3rd party tests. I'm not
sure how to gather the stats, then, are you?




so scattering our
solution across half the standard library is needlessly creating
additional work without really reducing the incompatibility problem.




Half the standard library? no one has cared to augment my list of
modules, but I have seen reference to JSON in addition to cgi and
urllib.parse. I think there are more than 6 modules in the standard
library...




If we're going to change anything, it may as well be the string
hashing algorithm itself.




Changing the string hashing algorithm is known (or at least no one
has argued otherwise) to be a source of backward incompatibility
that will break programs. My proposal (and Serhiy's implementation,
assuming it works, or can be easily tweaked to work, I haven't
reviewed it in detail or attempted to test it) will only break
programs that have vulnerabilities.





I failed to mention one other benefit of my proposal: every web
request would have a different random prefix, so attempting to
gather info is futile: the next request has a different random
prefix, so different strings would collide.




Cheers,
Nick.


Indeed it is nice when we can be cheery even when arguing, for the
most part :) I've enjoyed reading the discussions in this forum
because most folks have respect for other people's opinions, even
when they differ.