-rw-r--r--hv.h17
-rw-r--r--perl.c3
2 files changed, 15 insertions, 5 deletions
diff --git a/hv.h b/hv.h
index c43fc57b2d..e4149796ea 100644
--- a/hv.h
+++ b/hv.h
@@ -56,13 +56,22 @@ struct xpvhv {
* (a) the hashed data being interpreted as "unsigned char" (new since 5.8,
* a "char" can be either signed or signed, depending on the compiler)
* (b) catering for old code that uses a "char"
+ *
* The "hash seed" feature was added in Perl 5.8.1 to perturb the results
* to avoid "algorithmic complexity attacks".
+ *
+ * If USE_HASH_SEED is defined, hash randomisation is done by default
+ * If USE_HASH_SEED_EXPLICIT is defined, hash randomisation is done
+ * only if the environment variable PERL_HASH_SEED is set.
+ * For maximal control, one can define PERL_HASH_SEED.
+ * (see also erl.c:perl_parse()).
*/
-#if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
-# define PERL_HASH_SEED PL_hash_seed
-#else
-# define PERL_HASH_SEED 0
+#ifndef PERL_HASH_SEED
+# if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
+# define PERL_HASH_SEED PL_hash_seed
+# else
+# define PERL_HASH_SEED 0
+# endif
#endif
#define PERL_HASH(hash,str,len) \
STMT_START { \
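Review bot: The new comment in hv.h presents a compile-time PERL_HASH_SEED as "maximal control" without saying that a constant seed is the same in every process of that build, which removes the perturbation the preceding lines credit with avoiding "algorithmic complexity attacks". I would add a line such as `* Note that a fixed PERL_HASH_SEED is identical for every run, so the protection described above is lost.` The cross-reference `erl.c:perl_parse()` has lost its first letter and should read `perl.c:perl_parse()`. The line ending in "by default" is also missing its full stop.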
diff --git a/perl.c b/perl.c
index bfe3cccd6f..0968e26363 100644
--- a/perl.c
+++ b/perl.c
@@ -901,7 +901,8 @@ setuid perl scripts securely.\n");
/* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
* This MUST be done before any hash stores or fetches take place.
* If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
- * it is your responsibility to provide a good random seed! */
+ * it is your responsibility to provide a good random seed!
+ * You can also define PERL_HASH_SEED in compile time, see hv.h. */
if (!PL_hash_seed_set)
PL_hash_seed = get_hash_seed();
{
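Review bot: The added comment line does not say what becomes of the assignment right below it when PERL_HASH_SEED is defined at compile time. `PL_hash_seed = get_hash_seed();` still runs, but if PERL_HASH reads PERL_HASH_SEED as the hv.h hunk suggests (the macro body is outside the visible lines), the value stored in PL_hash_seed is no longer the seed actually in use. I would word the line as `* You can also define PERL_HASH_SEED at compile time (see hv.h); PL_hash_seed is then not the seed used for hashing. */`, which also corrects "in compile time". The block opened by `{` continues outside the hunk.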