Message325966
The bug affects multiple platforms. libexpat's expat.h uses slightly different autoconf macro names than pyconfig.h. Therefore only platforms that have either HAVE_GETRANDOM or _WIN32 defined, use a proper CSPRNG to seed the hash salt.
Since HAVE_SYSCALL_GETRANDOM, HAVE_ARC4RANDOM_BUF, HAVE_ARC4RANDOM, or XML_DEV_URANDOM are never defined by Python's pyconfig.h, older Linux platforms, any BSD, and any other Unix platform with /dev/urandom fall back to a weak Mersenne Twister-like RNG with gettimeofday().tv_usec and getpid() as seed. |
|
Date |
User |
Action |
Args |
2018-09-21 06:38:05 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, benjamin.peterson, miss-islington |
2018-09-21 06:38:05 | christian.heimes | set | messageid: <1537511885.41.0.956365154283.issue34623@psf.upfronthosting.co.za> |
2018-09-21 06:38:05 | christian.heimes | link | issue34623 messages |
2018-09-21 06:38:05 | christian.heimes | create | |
|