I'm sorry, the word *will* may be stronger than I thought.
I meant that if a memory image dumped on disk is used casually, it may make it easier to make a security hole.

For example, if the `hg` memory image is reused, and it can be leaked in some way, hg serve will be weak to hashdos.

I don't deny that it's useful and safe when it's used carefully.

Regards,

On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <[email protected]> wrote:

> On Tue, 15 May 2018 01:33:18 +0900
> INADA Naoki <[email protected]> wrote:
> >
> > It will break hash randomization.
> >
> > See also: https://www.cvedetails.com/cve/CVE-2017-11499/
>
> I don't know why it would. The mechanism of pre-initializing a process
> which is re-used across many requests is how most server applications
> of Python already work (you don't want to bear the cost of spawning
> a new interpreter for each request, as antiquated CGI does). I have not
> heard that it breaks hash randomization, so a similar mechanism on the
> CLI side shouldn't break it either.
>
> Regards
>
> Antoine.
> _______________________________________________
> Python-Dev mailing list
> [email protected]
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/songofacandy%40gmail.com

--
INADA Naoki <[email protected]>
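To illustrate the concern raised in the message above (an added example, not code from the thread or from CPython): each freshly started interpreter normally draws its own string-hash seed, whereas processes that all start from one saved state share a single seed. Pinning `PYTHONHASHSEED` is an assumption used here to stand in for a reused memory image; the key and the seed value are constructed.

```python
import os
import subprocess
import sys

# Child program: print the str hash of its first argument.
PROBE = "import sys; print(hash(sys.argv[1]))"


def child_hash(key, seed=None):
    """Return hash(key) as computed by a freshly started interpreter.

    seed=None  -> normal start-up: the child draws its own random seed.
    seed=<int> -> PYTHONHASHSEED is pinned, modelling processes that all
                  resume from the same dumped image (assumption of this example).
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit a pinned seed from the caller
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    result = subprocess.run(
        [sys.executable, "-c", PROBE, key],
        env=env, capture_output=True, text=True, check=True,
    )
    return int(result.stdout)


def distinct_hashes(key, runs, seed=None):
    """Collect the set of hash values seen across `runs` separate processes."""
    return {child_hash(key, seed) for _ in range(runs)}


def seed_is_shared(key="constructed-sample-key", runs=4, seed=None):
    """True when every process produced the same hash, i.e. the seed did not vary.

    A deployment check built on this idea would flag True as a regression:
    hash values that are stable across restarts no longer depend on a
    per-process secret.
    """
    return len(distinct_hashes(key, runs, seed)) == 1


if __name__ == "__main__":
    print("normal start-up, seed shared:", seed_is_shared())
    print("frozen seed (image-reuse model), seed shared:", seed_is_shared(seed=12345))
```
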
