I think the API for mod_perl v2 should be simply that

PL_modperl sets the PL_hash_seed (and PL_hash_seed_set) itself, hopefully from a good source of random bits. p4raw-id: //depot/perl@20145
author: Jarkko Hietaniemi <jhi@iki.fi> 2003-07-11 05:07:09 +0000
committer: Jarkko Hietaniemi <jhi@iki.fi> 2003-07-11 05:07:09 +0000
commit: 103dd89994b01bc194bfaf186624c2fb15f80afe (patch)
tree: 95b5226d954a3ea8b705f8811e053ed08526ff22 /perl.c
parent: 943fd1546636339d357c1308842dbd5454a3c2a1 (diff)
download: perl-103dd89994b01bc194bfaf186624c2fb15f80afe.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/perl.c b/perl.c
index 32e046989c..df11879fb2 100644
--- a/perl.c
+++ b/perl.c
@@ -899,7 +899,9 @@ setuid perl scripts securely.\n");
 
 #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
     /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
-     * This MUST be done before any hash stores or fetches take place. */
+     * This MUST be done before any hash stores or fetches take place.
+     * If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
+     * it is your responsibility to provide a good random seed! */
     if (!PL_hash_seed_set)
 	 PL_hash_seed = get_seed();
     {
author	Jarkko Hietaniemi <jhi@iki.fi>	2003-07-11 05:07:09 +0000
committer	Jarkko Hietaniemi <jhi@iki.fi>	2003-07-11 05:07:09 +0000
commit	103dd89994b01bc194bfaf186624c2fb15f80afe (patch)
tree	95b5226d954a3ea8b705f8811e053ed08526ff22 /perl.c
parent	943fd1546636339d357c1308842dbd5454a3c2a1 (diff)
download	perl-103dd89994b01bc194bfaf186624c2fb15f80afe.tar.gz