classification
Title: Isolated mode doesn't ignore PYTHONHASHSEED
Type: behavior Stage: resolved
Components: Interpreter Core Versions: Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, ncoghlan, vstinner
Priority: normal Keywords:

Created on 2016-01-15 12:48 by ncoghlan, last changed 2019-05-20 15:32 by vstinner. This issue is now closed.

Messages (4)
msg258290 - Author: Nick Coghlan (ncoghlan) (Python committer) Date: 2016-01-15 12:48
While working on the draft PEP 432 implementation, I noticed that -I isn't special cased for early processing the same way that -E is: https://hg.python.org/cpython/file/tip/Modules/main.c#l265

This means that when isolated mode is used to turn off environment variable access, PYTHONHASHSEED may still be read while configuring hash randomisation.

msg342533 - Author: STINNER Victor (vstinner) (Python committer) Date: 2019-05-15 02:23
This issue has been fixed in Python 3.8 with my work on refactoring Py_Main(). The -E and -I command line options are now parsed before reading PYTHONHASHSEED, and -I implies -E as expected. Extract of the code:

    if (config->isolated > 0) {
        config->user_site_directory = 0;
    }

    if (config->use_environment) {
        err = config_read_env_vars(config);
        if (_Py_INIT_FAILED(err)) {
            return err;
        }
    }

where config_read_env_vars() indirectly reads PYTHONHASHSEED.

I'm not sure if the issue is fixed in Python 3.7 or not. The code in Python 3.7 was in a bad state. It's getting better with Python 3.8 :-)

Note: the overall refactoring work is related to PEP 432 and PEP 587.

msg342553 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2019-05-15 08:38
Is there a way to fix the issue in 3.7 and earlier? We might consider it a security issue.

msg342919 - Author: STINNER Victor (vstinner) (Python committer) Date: 2019-05-20 15:32
> Is there a way to fix the issue in 3.7 and earlier? We might consider it a security issue.

Hum, Python 3.7 is fixed as well. At least, in the 3.7 dev branch.

Fixed seed:

vstinner@apu$ PYTHONHASHSEED=42 ./python -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}

Random seed:

vstinner@apu$ PYTHONHASHSEED=42 ./python -I -c 'print(set("abcdefgh"))'
{'b', 'e', 'd', 'f', 'g', 'c', 'a', 'h'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -I -c 'print(set("abcdefgh"))'
{'d', 'g', 'e', 'b', 'h', 'f', 'a', 'c'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -I -c 'print(set("abcdefgh"))'
{'e', 'b', 'g', 'c', 'a', 'h', 'f', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 ./python -I -c 'print(set("abcdefgh"))'
{'c', 'd', 'a', 'g', 'f', 'e', 'h', 'b'}

--

Python 3.6 has the bug:

vstinner@apu$ PYTHONHASHSEED=42 python3.6 -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}

vstinner@apu$ PYTHONHASHSEED=42 python3.6 -I -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -I -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -I -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
vstinner@apu$ PYTHONHASHSEED=42 python3.6 -I -c 'print(set("abcdefgh"))'
{'g', 'e', 'a', 'b', 'c', 'f', 'h', 'd'}
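
Added example, not part of the original thread or of CPython: the manual check above automated, so a given interpreter can be tested for whether -I still lets PYTHONHASHSEED pin the hash seed. The function names are this example's own, and it compares hash("abcdefgh") rather than set ordering so that a chance match between runs is not a practical concern.

```python
import os
import subprocess
import sys

# A str hash depends directly on the hash seed, so it is a compact probe.
PROBE = 'print(hash("abcdefgh"))'


def probe_hashes(python=sys.executable, isolated=False, seed="42", runs=4):
    """Run `python` several times with PYTHONHASHSEED=seed set in the
    environment and return the set of distinct hash values printed."""
    env = dict(os.environ, PYTHONHASHSEED=seed)
    cmd = [python] + (["-I"] if isolated else []) + ["-c", PROBE]
    seen = set()
    for _ in range(runs):
        done = subprocess.run(cmd, env=env, stdout=subprocess.PIPE,
                              universal_newlines=True, check=True)
        seen.add(done.stdout.strip())
    return seen


def isolated_mode_honours_seed(python=sys.executable, runs=4):
    """Return True if -I still obeys PYTHONHASHSEED (the behaviour reported
    in this issue), False if isolated mode ignores the variable."""
    control = probe_hashes(python, isolated=False, runs=runs)
    if len(control) != 1:
        # Without -I the seed must be fixed; otherwise the probe is unreliable.
        raise RuntimeError("PYTHONHASHSEED did not fix the seed without -I")
    # Affected: every isolated run reproduces the seeded value.
    # Not affected: isolated runs use a random seed and differ from it.
    return probe_hashes(python, isolated=True, runs=runs) == control


if __name__ == "__main__":
    # Optional argument: path to the interpreter to test (default: this one).
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    affected = isolated_mode_honours_seed(target)
    print(target, "-> -I honours PYTHONHASHSEED:", affected)
    sys.exit(1 if affected else 0)
```

The script exits with status 1 when the tested interpreter is affected, so it can gate a build image or CI job that relies on -I for environment isolation.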

History
Date                 User              Action  Args
2019-05-20 15:32:22  vstinner          set     messages: + msg342919
                                               versions: + Python 3.7
2019-05-15 08:38:11  christian.heimes  set     messages: + msg342553
2019-05-15 02:23:01  vstinner          set     status: open -> closed
                                               versions: + Python 3.8, - Python 3.5, Python 3.6
                                               messages: + msg342533
                                               components: + Interpreter Core
                                               resolution: fixed
                                               stage: test needed -> resolved
2017-05-15 08:50:42  vstinner          set     nosy: + vstinner
2016-06-12 11:22:59  christian.heimes  set     assignee: christian.heimes ->
2016-01-15 12:48:14  ncoghlan          create