[Python-Dev] Python startup time

Antoine Pitrou antoine at python.org
Mon May 14 13:17:32 EDT 2018


On 14/05/2018 at 19:12, INADA Naoki wrote:

> I'm sorry, the word "will" may be stronger than I thought.
>
> I meant that if a memory image dumped on disk is used casually, it may make it easier to create a security hole. For example, if an hg memory image is reused, and it can be leaked in some way, hg serve will be hashdos weak.

This discussion subthread is not about having a memory image dumped on disk, but a daemon utility that preloads a new Python process when you first start up your CLI application. Each time a new process is preloaded, it will by construction use a new hash seed.

(by contrast, the Node.js CVE issue you linked to is about having the same hash seed across a Node.js version; that's disastrous)

Also you add a reuse limit to ensure that the hash seed is rotated (e.g. every 100 invocations).

Regards

Antoine.
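
An added example, not part of the original message or of any CPython tooling: a sketch of the reuse limit described above, showing that invocations served by one preloaded interpreter share a hash seed and that respawning after the limit rotates it. The `Preloader` class, its `reuse_limit` parameter and the key string are hypothetical, and a long-lived child process stands in for the preloaded process that a real daemon would fork from.

```python
import os
import subprocess
import sys

# Child program standing in for the preloaded interpreter: it answers each
# request line with hash() of that line, computed under its own hash seed.
CHILD = "import sys\nfor line in sys.stdin:\n    print(hash(line.strip()), flush=True)\n"


class Preloader:
    """Hypothetical preload helper: reuses one interpreter up to reuse_limit times."""

    def __init__(self, reuse_limit=100):
        self.reuse_limit = reuse_limit
        self.uses, self.generation, self.proc = 0, 0, None

    def _spawn(self):
        self.close()
        # Force per-process randomization even if the caller pinned PYTHONHASHSEED.
        env = dict(os.environ, PYTHONHASHSEED="random")
        self.proc = subprocess.Popen(
            [sys.executable, "-c", CHILD], env=env, text=True,
            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        self.uses = 0
        self.generation += 1

    def invoke(self, key):
        """Return (generation, hash of key as seen by the preloaded process)."""
        if self.proc is None or self.uses >= self.reuse_limit:
            self._spawn()  # rotation: a new process means a new hash seed
        self.proc.stdin.write(key + "\n")
        self.proc.stdin.flush()
        self.uses += 1
        return self.generation, int(self.proc.stdout.readline())

    def close(self):
        if self.proc is not None:
            self.proc.stdin.close()
            self.proc.wait()
            self.proc.stdout.close()
            self.proc = None


def demo(reuse_limit=3, calls=7):
    """Run `calls` invocations of a constructed key through one Preloader."""
    pre = Preloader(reuse_limit)
    try:
        return [pre.invoke("constructed-key") for _ in range(calls)]
    finally:
        pre.close()
```

With `reuse_limit=3`, the first three results carry one hash value, the next three a different one, and the seventh a third.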


