diff options
| author | Tim Bunce <Tim.Bunce@pobox.com> | 2003-06-26 11:53:22 +0100 |
|---|---|---|
| committer | Jarkko Hietaniemi <jhi@iki.fi> | 2003-06-27 05:02:14 +0000 |
| commit | 3debabd9ba8d62a4b7656b07d06b582de8063b12 (patch) | |
| tree | c821bdd12624c345fb6d6a0e61ede50f94189c8e | |
| parent | 2191697ea9da49f0c020a5bcb1eb2a2e9d574a4e (diff) | |
| download | perl-3debabd9ba8d62a4b7656b07d06b582de8063b12.tar.gz | |
Re: Change 19854: Bite the bullet and apply the hash randomisation patch.
Message-ID: <20030626095322.GE97463@dansat.data-plan.com>
p4raw-id: //depot/perl@19860
| -rw-r--r-- | INSTALL | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -840,7 +840,7 @@ your sfio sources and correct iffe's guess about atexit. In Perls 5.8.0 and earlier it was easy to create degenerate hashes. Processing such hashes would consume large amounts of CPU time, -causing a "Denial of Service" attack against Perl. Such hashes may be +enabling a "Denial of Service" attack against Perl. Such hashes may be a problem for example for mod_perl sites, sites with Perl CGI scripts and web services, that process data originating from external sources. @@ -848,23 +848,23 @@ In Perl 5.8.1 a security feature was introduced to make it harder to create such degenerate hashes. Because of this feature the keys(), values(), and each() functions -will return the hash elements in different order between different +may return the hash elements in different order between different runs of Perl even with the same data. One can still revert to the old -predictable order by setting the environment variable PERL_HASH_SEED, +repeatable order by setting the environment variable PERL_HASH_SEED, see L<perlrun>. Another option is to add -DUSE_HASH_SEED_EXPLICIT to the compilation flags, in which case one has to explicitly set the PERL_HASH_SEED environment variable to enable the security feature, or -DNO_HASH_SEED to completely disable the feature. -B<Perl does not guarantee any ordering of the hash keys>, and the +B<Perl has never guaranteed any ordering of the hash keys>, and the ordering has already changed several times during the lifetime of -Perl 5. Also, the ordering of hash keys already (in Perl 5.8.0 and -earlier) depends on the insertion order. +Perl 5. Also, the ordering of hash keys has always been, and +continues to be, affected by the insertion order. Note that because of this randomisation for example the Data::Dumper results will be different between different runs of Perl since Data::Dumper by default dumps hashes "unordered". The use of the -Data::Dumper C<Sortkeys> filter is recommended. +Data::Dumper C<Sortkeys> option is recommended. =head2 SOCKS |