(original) (raw)

2018年5月15日(火) 2:17 Antoine Pitrou <antoine@python.org>:

Le 14/05/2018 à 19:12, INADA Naoki a écrit :
\> I'm sorry, the word \*will\* may be stronger than I thought.
\>
\> I meant if memory image dumped on disk is used casually,
\> it may make easier to make security hole.
\>
\> For example, if \`hg\` memory image is reused, and it can be leaked in some
\> way,
\> hg serve will be hashdos weak.

This discussion subthread is not about having a memory image dumped on
disk, but a daemon utility that preloads a new Python process when you
first start up your CLI application. Each time a new process is
preloaded, it will by construction use a new hash seed.

My reply was to:

> capture the entire runtime image as a single binary blob.

> could that blob be simply loaded into memory and run?

So I thought about reusing memory image undeterministic times.

Of course, prefork is much safer because hash initial vector is only in process ram.

Regards,