[Python-Dev] Python startup time

INADA Naoki songofacandy at gmail.com
Mon May 14 13:12:18 EDT 2018


I'm sorry, the word "will" may be stronger than I thought.

I meant that if a memory image dumped on disk is used casually, it may make it easier to make a security hole.

For example, if an hg memory image is reused, and it can be leaked in some way, hg serve will be weak to hashdos.

I don't deny that it's useful and safe when it's used carefully.

Regards,

On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Tue, 15 May 2018 01:33:18 +0900
> INADA Naoki <songofacandy at gmail.com> wrote:
> >
> > It will break hash randomization.
> >
> > See also: https://www.cvedetails.com/cve/CVE-2017-11499/
>
> I don't know why it would. The mechanism of pre-initializing a process which is re-used across many requests is how most server applications of Python already work (you don't want to bear the cost of spawning a new interpreter for each request, as antiquated CGI does). I have not heard that it breaks hash randomization, so a similar mechanism on the CLI side shouldn't break it either.
>
> Regards
>
> Antoine.



--

INADA Naoki <songofacandy at gmail.com>
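
Added illustration, not part of the original message: the sketch below starts fresh interpreters and compares the string hash each one computes, first with hash randomization on and then with a fixed PYTHONHASHSEED. The fixed seed is an assumption standing in for a seed captured in a reused memory image; the helper names and the sample key are constructed for this example.

```python
"""Compare str hashes across interpreter startups (added example)."""
import os
import subprocess
import sys

# One-liner run in each child interpreter: print hash() of its argument.
PROBE = "import sys; print(hash(sys.argv[1]))"


def hash_in_new_interpreter(key, seed=None):
    """Start a fresh interpreter and return hash(key) as computed there.

    seed=None leaves hash randomization on (new random seed per process).
    An integer seed is passed via PYTHONHASHSEED; it stands in (assumption)
    for a seed frozen into a dumped memory image and restored on each start.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit a pinned seed
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.run(
        [sys.executable, "-c", PROBE, key],
        env=env, check=True, capture_output=True, text=True,
    )
    return int(out.stdout)


def distinct_hashes(key, runs, seed=None):
    """Number of distinct hash values seen for key across `runs` startups."""
    return len({hash_in_new_interpreter(key, seed) for _ in range(runs)})


if __name__ == "__main__":
    key = "session-id"  # constructed sample key
    print("fresh startups, distinct hashes:", distinct_hashes(key, 4))
    print("same seed every start, distinct hashes:",
          distinct_hashes(key, 4, seed=1234))
```

When every start reuses the same seed, the hash of a given string is the same in every process, so the seed stays valid for as long as the image is in use.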


