Change 19860 by [EMAIL PROTECTED] on 2003/06/27 05:02:14
Subject: Re: Change 19854: Bite the bullet and apply the hash randomisation
patch.
From: Tim Bunce <[EMAIL PROTECTED]>
Date: Thu, 26 Jun 2003 10:53:22 +0100
Message-ID: <[EMAIL PROTECTED]>
Affected files ...
... //depot/perl/INSTALL#126 edit
Differences ...
==== //depot/perl/INSTALL#126 (text) ====
Index: perl/INSTALL
--- perl/INSTALL#125~19854~ Wed Jun 25 22:32:02 2003
+++ perl/INSTALL Thu Jun 26 22:02:14 2003
@@ -840,7 +840,7 @@
In Perls 5.8.0 and earlier it was easy to create degenerate hashes.
Processing such hashes would consume large amounts of CPU time,
-causing a "Denial of Service" attack against Perl. Such hashes may be
+enabling a "Denial of Service" attack against Perl. Such hashes may be
a problem for example for mod_perl sites, sites with Perl CGI scripts
and web services, that process data originating from external sources.
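Review bot: On the changed line, "attack against Perl" names the interpreter as the target, but the context lines that follow describe mod_perl sites, CGI scripts and web services that process data from external sources, so the exposure is in programs that build hashes from untrusted input. Consider wording such as: enabling a "Denial of Service" attack against programs written in Perl. While this paragraph is being touched, the comma before "that process data" could also go.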
@@ -848,23 +848,23 @@
to create such degenerate hashes.
Because of this feature the keys(), values(), and each() functions
-will return the hash elements in different order between different
+may return the hash elements in different order between different
runs of Perl even with the same data. One can still revert to the old
-predictable order by setting the environment variable PERL_HASH_SEED,
+repeatable order by setting the environment variable PERL_HASH_SEED,
see L<perlrun>. Another option is to add -DUSE_HASH_SEED_EXPLICIT to
the compilation flags, in which case one has to explicitly set the
PERL_HASH_SEED environment variable to enable the security feature,
or -DNO_HASH_SEED to completely disable the feature.
-B<Perl does not guarantee any ordering of the hash keys>, and the
+B<Perl has never guaranteed any ordering of the hash keys>, and the
ordering has already changed several times during the lifetime of
-Perl 5. Also, the ordering of hash keys already (in Perl 5.8.0 and
-earlier) depends on the insertion order.
+Perl 5. Also, the ordering of hash keys has always been, and
+continues to be, affected by the insertion order.
Note that because of this randomisation for example the Data::Dumper
results will be different between different runs of Perl since
Data::Dumper by default dumps hashes "unordered". The use of the
-Data::Dumper C<Sortkeys> filter is recommended.
+Data::Dumper C<Sortkeys> option is recommended.
=head2 SOCKS
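Review bot: The PERL_HASH_SEED sentence, now reading "repeatable order by setting the environment variable PERL_HASH_SEED", still does not say which value gives that order, and the same variable is described a few lines later as what one must set "to enable the security feature" under -DUSE_HASH_SEED_EXPLICIT. From INSTALL alone a reader cannot tell which setting turns the randomisation off and which turns it on. Suggest naming the value here rather than only pointing to L<perlrun>, and stating that reverting to the old order brings back the degenerate-hash exposure described at the top of this section. Style point on the context line "because of this randomisation for example the Data::Dumper": setting "for example" off with commas would make it easier to read.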
End of Patch.