I'm sorry, the word *will* may be stronger than I thought. I meant that if a memory image dumped on disk is used casually, it may make it easier to create a security hole.
For example, if an `hg` memory image is reused, and it can be leaked in some way, hg serve will be weak against hashdos.

I don't deny that it's useful and safe when it's used carefully.

Regards,

On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <solip...@pitrou.net> wrote:

> On Tue, 15 May 2018 01:33:18 +0900
> INADA Naoki <songofaca...@gmail.com> wrote:
> >
> > It will break hash randomization.
> >
> > See also: https://www.cvedetails.com/cve/CVE-2017-11499/
>
> I don't know why it would. The mechanism of pre-initializing a process
> which is re-used across many requests is how most server applications
> of Python already work (you don't want to bear the cost of spawning
> a new interpreter for each request, as antiquated CGI does). I have not
> heard that it breaks hash randomization, so a similar mechanism on the
> CLI side shouldn't break it either.
>
> Regards
>
> Antoine.
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/songofacandy%40gmail.com

--
INADA Naoki <songofaca...@gmail.com>
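Added example, not part of the original message or of CPython/Mercurial code: a check of what is at stake in this exchange, namely whether the string-hash seed changes on each interpreter start. It assumes that a reused memory image can be modelled by pinning `PYTHONHASHSEED` to a constant (no image is actually dumped); the key `"session-id"` and the seed value `12345` are constructed.

```python
import os
import subprocess
import sys

# Child program: print the hash of the string passed as argv[1].
PROBE = "import sys; print(hash(sys.argv[1]))"


def str_hash_in_fresh_interpreter(key, hashseed):
    """Start a new interpreter with the given PYTHONHASHSEED and return hash(key)."""
    env = dict(os.environ, PYTHONHASHSEED=hashseed)
    result = subprocess.run(
        [sys.executable, "-c", PROBE, key],
        env=env, capture_output=True, text=True, check=True,
    )
    return int(result.stdout)


def distinct_hashes(key, hashseed, runs=4):
    """Set of hash values seen for `key` across `runs` separate process starts."""
    return {str_hash_in_fresh_interpreter(key, hashseed) for _ in range(runs)}


def seed_is_per_start(key="session-id"):
    """True when every process start draws its own seed (the default behaviour)."""
    return len(distinct_hashes(key, "random")) > 1


def seed_is_frozen(key="session-id", pinned_seed="12345"):
    """True when all starts share one seed.

    Assumption: a pinned PYTHONHASHSEED stands in for a reused memory image,
    where the seed chosen before the dump would be restored on every run.
    """
    return len(distinct_hashes(key, pinned_seed)) == 1


if __name__ == "__main__":
    # Default: the seed is drawn at startup, so each start hashes differently.
    print("fresh seed per start:", seed_is_per_start())
    # Frozen seed: every start hashes identically, so anyone who learns the
    # seed once can predict bucket placement for all later runs.
    print("same hash on every start with pinned seed:", seed_is_frozen())
```

A long-lived server process keeps one seed only for its lifetime, and a restart draws a new one; a seed stored in an on-disk image would persist across restarts until the image is regenerated.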