On Fri, Mar 02, 2012 at 09:43:08AM +1100, Graham Dumpleton wrote: > I am not sure about making it default.
Completely understandable. > I might be prepared to break with that, but only if Python 3.X since > not as many people would be using mod_wsgi there. IOW, off by default > for Python 2.X and on by default for 3.X, but even that carries risk > as people will eventually port code across and find problems then. This sounds reasonable to me. Attached is a patch that disables WSGIHashRandomization by default. luke
diff -up ./configure.ac.orig ./configure.ac
--- ./configure.ac.orig 2009-11-23 01:49:39.000000000 -0500
+++ ./configure.ac 2012-03-01 16:07:15.211953095 -0500
@@ -92,6 +92,16 @@ else
CPPFLAGS3=""
fi
+AC_MSG_CHECKING(Python hash randomization support)
+PYTHON_HASH_RANDOMIZATION=`${PYTHON} -c 'from sys import flags, stdout; \
+ stdout.write(str(getattr(flags, "hash_randomization", "")))'`
+if test -n "${PYTHON_HASH_RANDOMIZATION}"; then
+ CPPFLAGS3="${CPPFLAGS3} -DWITH_PYTHON_HASH_RANDOMIZATION"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
CPPFLAGS="${CPPFLAGS} ${CPPFLAGS1} ${CPPFLAGS2} ${CPPFLAGS3}"
AC_SUBST(CPPFLAGS)
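Review bot: The probe asks the `${PYTHON}` interpreter whether `sys.flags` has `hash_randomization`, but what mod_wsgi.c actually needs is the `Py_HashRandomizationFlag` symbol from the headers and library it is compiled against. The two normally agree, but if the build picks up headers from a different Python than `${PYTHON}`, the define could be set while the symbol is missing, or the reverse. A declaration check against the headers tests what the C code uses, for example `AC_CHECK_DECLS([Py_HashRandomizationFlag], [CPPFLAGS3="${CPPFLAGS3} -DWITH_PYTHON_HASH_RANDOMIZATION"], [], [[#include <Python.h>]])`, run once the Python include path is in `CPPFLAGS`. As written, a failing `${PYTHON}` invocation also reports "no" without any diagnostic.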
diff -up ./mod_wsgi.c.orig ./mod_wsgi.c
--- ./mod_wsgi.c.orig 2010-07-25 23:58:37.000000000 -0400
+++ ./mod_wsgi.c 2012-03-01 16:05:33.225451743 -0500
@@ -479,6 +479,10 @@ typedef struct {
int error_override;
int chunked_request;
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+ int hash_randomization;
+#endif
+
#if AP_SERVER_MAJORVERSION_NUMBER >= 2
apr_hash_t *handler_scripts;
#endif
@@ -532,6 +536,10 @@ static WSGIServerConfig *newWSGIServerCo
object->restrict_stdout = -1;
object->restrict_signal = -1;
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+ object->hash_randomization = 0;
+#endif
+
#if defined(WIN32) || defined(DARWIN)
object->case_sensitivity = 0;
#else
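Review bot: `object->hash_randomization = 0;` makes "not configured" indistinguishable from an explicit `Off`, whereas the neighbouring fields (`restrict_stdout`, `restrict_signal`) start at `-1`. The thread leaves open a version-dependent default (off for 2.X, on for 3.X), and that can only be added later if the unset state is preserved. I would initialise with `object->hash_randomization = -1;` and resolve the default where the value is consumed. The `!= 0` test in `wsgi_python_init` would then have to become `== 1`. The body of `newWSGIServerConfig` continues outside this hunk.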
@@ -5810,6 +5818,12 @@ static void wsgi_python_init(apr_pool_t
_wputenv(L"PYTHONIOENCODING=cp1252:backslashreplace");
#endif
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+ if (wsgi_server_config->hash_randomization != 0) {
+ Py_HashRandomizationFlag = 1;
+ }
+#endif
+
/* Initialise Python. */
ap_log_error(APLOG_MARK, WSGI_LOG_INFO(0), wsgi_server,
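Review bot: The block only ever raises `Py_HashRandomizationFlag` and never clears it, so `WSGIHashRandomization Off` leaves the interpreter's own default in place rather than enforcing a setting. If randomization is enabled by another route (presumably a `PYTHONHASHSEED` value in Apache's environment), the configured and effective states differ and nothing in the log shows it. Since this is a denial-of-service mitigation that an operator will want to confirm is active, I would add a comment such as `/* Must be set before Py_Initialize(); Off leaves the interpreter default untouched. */` and include the value of `Py_HashRandomizationFlag` in the initialisation log message that follows. `wsgi_python_init` starts and ends outside this hunk.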
@@ -7328,6 +7342,30 @@ static const char *wsgi_set_restrict_sig
return NULL;
}
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+static const char *wsgi_set_hash_randomization(cmd_parms *cmd, void *mconfig,
+ const char *f)
+{
+ const char *error = NULL;
+ WSGIServerConfig *sconfig = NULL;
+
+ error = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (error != NULL)
+ return error;
+
+ sconfig = ap_get_module_config(cmd->server->module_config, &wsgi_module);
+
+ if (strcasecmp(f, "Off") == 0)
+ sconfig->hash_randomization = 0;
+ else if (strcasecmp(f, "On") == 0)
+ sconfig->hash_randomization = 1;
+ else
+ return "WSGIHashRandomization must be one of: Off | On";
+
+ return NULL;
+}
+#endif
+
static const char *wsgi_set_case_sensitivity(cmd_parms *cmd, void *mconfig,
const char *f)
{
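Review bot: `wsgi_set_hash_randomization` has no comment explaining why it is restricted to `GLOBAL_ONLY`, and the reason is only visible in a different hunk: the value is read once from `wsgi_server_config` in `wsgi_python_init` before Python is initialised. A per-virtual-host setting would therefore be silently ignored. I would add above the function `/* Process-wide: read once in wsgi_python_init() before Python is initialised, hence GLOBAL_ONLY. Default is Off. */` so the next maintainer does not relax the context check. The trailing lines of this hunk belong to `wsgi_set_case_sensitivity`, whose body is outside the hunk.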
@@ -9232,6 +9270,11 @@ static const command_rec wsgi_commands[]
{ "WSGIChunkedRequest", wsgi_set_chunked_request, NULL,
OR_FILEINFO, TAKE1, "Enable/Disable support for chunked request." },
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+ { "WSGIHashRandomization", wsgi_set_hash_randomization, NULL,
+ RSRC_CONF, TAKE1, "Enable/Disable hash randomization" },
+#endif
+
{ NULL }
};
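Review bot: The help string `"Enable/Disable hash randomization"` does not say that the directive defaults to Off. That matters here because hash randomization is a mitigation an administrator has to opt in to, and this string is the documentation the server itself reports for the directive. I would write `"Enable/Disable Python hash randomization (default Off)."`, which also restores the trailing full stop used by the neighbouring `WSGIChunkedRequest` entry. The same wording applies to the second `wsgi_commands` table later in the patch.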
@@ -14951,6 +14994,11 @@ static const command_rec wsgi_commands[]
AP_INIT_RAW_ARGS("WSGIHandlerScript", wsgi_add_handler_script,
NULL, ACCESS_CONF|RSRC_CONF, "Location of WSGI handler script file."),
+#ifdef WITH_PYTHON_HASH_RANDOMIZATION
+ AP_INIT_RAW_ARGS("WSGIHashRandomization", wsgi_set_hash_randomization,
+ NULL, RSRC_CONF, "Enable/Disable hash randomization."),
+#endif
+
{ NULL }
};
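Review bot: Registering the directive with `AP_INIT_RAW_ARGS` hands `wsgi_set_hash_randomization` the unparsed remainder of the configuration line, while the handler compares it with `strcasecmp(f, "On")` as if it were a single parsed word. The first table in this patch registers the same handler as `TAKE1`, so the two builds parse the directive differently. Under raw args a quoted `"On"` or a stray extra token would be rejected with the generic "must be one of" message, and an administrator could end up running without the mitigation they tried to enable. I would use `AP_INIT_TAKE1("WSGIHashRandomization", wsgi_set_hash_randomization, NULL, RSRC_CONF, "Enable/Disable hash randomization."),` so Apache does the tokenising and the argument-count check.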
