[Python-Dev] Hash randomization and deterministic bytecode
Hi, On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash randomization. We do this to improve determinism of the builds because we store the bytecode next to the code. When one runs Python directly or via a script PYTHONHASHSEED is not set thus enabling hash randomization. Am I correct when I say that in this case Python still uses the reproducibly build bytecode and, because its now running with a random seed we wouldn't be vulnerable to http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also try to each time also recompile bytecode? Kind regards, Freddy ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Hash randomization and deterministic bytecode
Don't worry, the PYTHONHASHSEED setting does not get recorded in the bytecode header and the generated bytecode (even if it sometimes differs in trivial ways) is usable with all hash seed settings. --Guido On Fri, May 12, 2017 at 6:06 AM, Freddy Rietdijk wrote: > Hi, > > On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash > randomization. We do this to improve determinism of the builds because we > store the bytecode next to the code. > > When one runs Python directly or via a script PYTHONHASHSEED is not set > thus enabling hash randomization. Am I correct when I say that in this case > Python still uses the reproducibly build bytecode and, because its now > running with a random seed we wouldn't be vulnerable to > http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also > try to each time also recompile bytecode? > > Kind regards, > > Freddy > > > > ___ > Python-Dev mailing list > [email protected] > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/ > guido%40python.org > > -- --Guido van Rossum (python.org/~guido) ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Summary of Python tracker Issues
ACTIVITY SUMMARY (2017-05-05 - 2017-05-12) Python tracker at http://bugs.python.org/ To view or respond to any of the issues listed below, click on the issue. Do NOT respond to this message. Issues counts and deltas: open5958 (+29) closed 36149 (+40) total 42107 (+69) Open issues with patches: 2384 Issues opened (47) == #30273: The coverage job is broken: distutils build_ext fails on None http://bugs.python.org/issue30273 reopened by haypo #30283: [2.7] Backport test_regrtest (partially) on Python 2.7 http://bugs.python.org/issue30283 opened by haypo #30284: Build CPython out of tree with a read-only source tree http://bugs.python.org/issue30284 opened by haypo #30287: cpython and Clang Static Analyzer http://bugs.python.org/issue30287 opened by dilyan.palauzov #30290: IDLE: add tests for help_about.py http://bugs.python.org/issue30290 opened by terry.reedy #30291: Allow windows launcher to specify bit lengths with & without m http://bugs.python.org/issue30291 opened by Steve Barnes #30294: ./configure, pydebug and pymalloc http://bugs.python.org/issue30294 opened by dilyan.palauzov #30295: msvcrt SetErrorMode not documented http://bugs.python.org/issue30295 opened by giampaolo.rodola #30296: Remove unnecessary tuples, lists, sets, and dicts from Lib http://bugs.python.org/issue30296 opened by jdufresne #30299: Display the bytecode when compiled a regular expression in deb http://bugs.python.org/issue30299 opened by serhiy.storchaka #30300: asyncio.Controller http://bugs.python.org/issue30300 opened by barry #30301: multiprocessing: AttributeError: 'SimpleQueue' object has no a http://bugs.python.org/issue30301 opened by Daniel Moore #30302: Improve .__repr__ implementation for datetime.timedelta http://bugs.python.org/issue30302 opened by musically_ut #30303: IDLE: Add _utest to textview http://bugs.python.org/issue30303 opened by louielu #30304: TestCase.assertMultiLineEqual only registered for Unicode stri http://bugs.python.org/issue30304 opened by martin.panter #30306: release arguments of contextmanager http://bugs.python.org/issue30306 opened by Martin.Teichmann #30310: tkFont.py assumes that all font families are encoded as ascii http://bugs.python.org/issue30310 opened by culler #30312: Small correction in set code sample http://bugs.python.org/issue30312 opened by mcocdawc #30313: Tests of Python 2.7 VS9.0 buildbots must be run with -uall -rw http://bugs.python.org/issue30313 opened by haypo #30314: Buildbots: 15 min is too low for test_tools on x86 Tiger 3.6 b http://bugs.python.org/issue30314 opened by haypo #30315: test_ftplib.TestTLS_FTPClass: "[Errno 54] Connection reset by http://bugs.python.org/issue30315 opened by haypo #30316: test_default_timeout() of test_threading.BarrierTests: random http://bugs.python.org/issue30316 opened by haypo #30317: test_timeout() of test_multiprocessing_spawn.WithManagerTestBa http://bugs.python.org/issue30317 opened by haypo #30318: test_distutils is too verbose on Windows http://bugs.python.org/issue30318 opened by haypo #30319: test_invalid_authentication() of test_imaplib: ConnectionRese http://bugs.python.org/issue30319 opened by haypo #30323: concurrent.futures.Executor.map() consumes all memory when big http://bugs.python.org/issue30323 opened by Klamann #30325: Buildbot: send email notifications to buildbot-status@ http://bugs.python.org/issue30325 opened by haypo #30328: test_ssl.test_connect_with_context(): ConnectionResetError on http://bugs.python.org/issue30328 opened by haypo #30329: test_imaplib.test_login_cram_md5(): OSError: [WinError 10022] http://bugs.python.org/issue30329 opened by haypo #30330: test_socket.test_idna(): socket.gaierror: [Errno 11001] getadd http://bugs.python.org/issue30330 opened by haypo #30331: TestPOP3_TLSClass: socket.timeout: timed out on AMD64 FreeBSD http://bugs.python.org/issue30331 opened by haypo #30333: test_multiprocessing_forkserver: poll() failed on AMD64 FreeBS http://bugs.python.org/issue30333 opened by haypo #30335: Document deprecated alias of assertNotRegex http://bugs.python.org/issue30335 opened by Jim Fasarakis-Hilliard #30337: Vague wording of pkgutil.walk_packages parameter 'prefix' http://bugs.python.org/issue30337 opened by smsilb #30339: test_multiprocessing_main_handling: "RuntimeError: Timed out w http://bugs.python.org/issue30339 opened by haypo #30340: Optimize out non-capturing groups http://bugs.python.org/issue30340 opened by serhiy.storchaka #30341: Add an explaining comment in _PyTrash_thread_destroy_chain() http://bugs.python.org/issue30341 opened by xiang.zhang #30343: Subclassed json.JSONEncoder does not respect default method fo http://bugs.python.org/issue30343 opened by Xophmeister #30344: test_multiprocessing.test_notify_all(): AssertionError: 6 != 5 http://bugs.python.org/issue30344 opened by haypo #30345: test_gdb fails on Python 3.6 when built with LTO+PGO h
