On Thu, 17 Jul 2003 21:26:46 +0200, "Malte S. Stretz" <[EMAIL PROTECTED]> writes:

> On Thursday 17 July 2003 20:56 CET Scott A Crosby wrote:
> > In any case, if 5.8.1 goes out with the fix, it's going to be
> > interesting how many latent bugs the fix exposes. The perl core has
> > fixed 4 so far, and identified at least two external packages that
> > break their self-tests.
> >
> > SA, being one premier application of perl should test with RC1, or RC2
> > with hash randomization to see if you can tease out any latent bugs so
> > they're fixed before 5.8.1 goes live.
> 
> *sigh* So I've got to compile another Perl. I'll have a try. But could you give 
> a short explanation (or pointer) on how to use it? The second mail you 
> referred to uses different values for PERL_HASH_SEED...

I'm not entirely sure. I think it exists within the
documentation. (Grep it for HASH.)

What's occurring is, to avoid an attacker deliberately causing collisions
in the hash table, the hash function is now being randomized. With
that code enabled, 'keys %hash' will return the keys in a different
order on *each* run of Perl. This has exposed latent
bugs. Unfortunately, that nondeterminism makes it difficult to debug
problems, so they offer some debugging aids. One of them makes perl
print out the current hash seed, another lets you set a hash seed
manually. Thus, if you have a nonrepeatable failure, you can fix the
hash seed and see if it repeats. Also, if you can find two hash seeds
where one succeeds and the other fails, you now know that hash
nondeterminism is the cause of the bug.

Scott
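
The seed-pinning procedure described in the message above, as an added example that is not part of the original thread. It assumes a `perl` of 5.8.1 or later on PATH; the embedded Perl test is a constructed stand-in for a self-test with a latent key-order bug, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes perl 5.8.1 or later on PATH.

# Constructed stand-in for a self-test with a latent bug: it passes only when
# 'keys %h' happens to return "alpha" first.
LATENT_BUG='my %h = map { $_ => 1 } qw(alpha beta gamma delta epsilon zeta);
exit((keys %h)[0] eq "alpha" ? 0 : 1);'

# outcome SEED: run the test with the hash seed pinned, print "pass" or "fail".
outcome() {
    if PERL_HASH_SEED="$1" perl -e "$LATENT_BUG"; then
        echo pass
    else
        echo fail
    fi
}

# repeats SEED RUNS: succeed if RUNS runs under one seed all agree, i.e. the
# pinned seed turns a nonrepeatable result into a repeatable one.
repeats() {
    first=$(outcome "$1")
    i=1
    while [ "$i" -lt "$2" ]; do
        [ "$(outcome "$1")" = "$first" ] || return 1
        i=$((i + 1))
    done
    return 0
}

# sweep LAST: try seeds 1..LAST and print one "SEED outcome" line per seed.
sweep() {
    seed=1
    while [ "$seed" -le "$1" ]; do
        echo "$seed $(outcome "$seed")"
        seed=$((seed + 1))
    done
}

# verdict LAST: one passing and one failing seed implicate hash ordering.
verdict() {
    results=$(sweep "$1")
    if echo "$results" | grep -q ' pass$' && echo "$results" | grep -q ' fail$'; then
        echo "order-dependent"
    else
        echo "inconclusive"
    fi
}

sweep 16
verdict 16
```

To apply it to a real suite, replace the `perl -e "$LATENT_BUG"` call with the failing test command and rerun any failing seed under a debugger or with extra logging.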

