Message 152057 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	Arach, Arfrever, Huzaifa.Sidhpurwala, Jim.Jewett, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.araujo, eric.snow, fx5, georg.brandl, grahamd, gregory.p.smith, gvanrossum, gz, jcea, lemburg, loewis, mark.dickinson, neologix, pitrou, skrah, terry.reedy, tim.peters, v+python, vstinner, zbysz
Date	2012-01-27.01:19:12
SpamBayes Score	1.7580949e-09
Marked as misclassified	No
Message-id	<1327627021.3454.11.camel@localhost.localdomain>
In-reply-to	<20120127004349.Horde.PVOKDFNNcXdPIeU1WyDHUCA@webmail.df.eu>

Content
> > There were three discussed issues with it: > > > > a) Code assuming a stable ordering to dictionaries > > b) Code assuming hashes were stable across runs. > > c) Code reimplementing the hashing algorithm of a core datatype that is now > > randomized. > > > > I don't think any of these are realistic issues > > I'm fairly certain that code will break in massive ways, despite any > argumentation that it should not. The question really is > > Do we break code in a massive way, or do we fix the vulnerability > for most users with no code breakage? > > I clearly value compatibility much higher than 100% protection against > a DoS-style attack (which has many other forms of protecting against > available also). If I your read patch correctly, collisions will produce additional allocations of one distinct PyObject (i.e. AVL node) per colliding key. That's a pretty massive change in memory consumption for string dicts (and also in memory fragmentation and cache friendliness, probably). The performance effect in most situations is likely to be negative too, despite the better worst-case complexity. IMO that would be a rather controversial change for a feature release, let alone a bugfix or security release. It would be nice to have the release managers' opinions on this issue.

> >  There were three discussed issues with it:
> >
> > a) Code assuming a stable ordering to dictionaries
> > b) Code assuming hashes were stable across runs.
> > c) Code reimplementing the hashing algorithm of a core datatype that is now
> > randomized.
> >
> > I don't think any of these are realistic issues
> 
> I'm fairly certain that code will break in massive ways, despite any
> argumentation that it should not. The question really is
> 
> Do we break code in a massive way, or do we fix the vulnerability
> for most users with no code breakage?
> 
> I clearly value compatibility much higher than 100% protection against
> a DoS-style attack (which has many other forms of protecting against
> available also).

If I your read patch correctly, collisions will produce additional
allocations of one distinct PyObject (i.e. AVL node) per colliding key.
That's a pretty massive change in memory consumption for string dicts
(and also in memory fragmentation and cache friendliness, probably). The
performance effect in most situations is likely to be negative too,
despite the better worst-case complexity.

IMO that would be a rather controversial change for a feature release,
let alone a bugfix or security release.

It would be nice to have the release managers' opinions on this issue.

History
Date	User	Action	Args
2012-01-27 01:19:15	pitrou	set	recipients: + pitrou, lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5
2012-01-27 01:19:14	pitrou	link	issue13703 messages
2012-01-27 01:19:12	pitrou	create