
Author christian.heimes
Recipients benjamin.peterson, christian.heimes, miss-islington, vstinner
Date 2018-09-21.06:38:05
Message-id <1537511885.41.0.956365154283.issue34623@psf.upfronthosting.co.za>
Content
The bug affects multiple platforms. libexpat's expat.h uses slightly different autoconf macro names than pyconfig.h. Therefore only platforms that have either HAVE_GETRANDOM or _WIN32 defined use a proper CSPRNG to seed the hash salt.

Since HAVE_SYSCALL_GETRANDOM, HAVE_ARC4RANDOM_BUF, HAVE_ARC4RANDOM, or XML_DEV_URANDOM are never defined by Python's pyconfig.h, older Linux platforms, any BSD, and any other Unix platform with /dev/urandom fall back to a weak Mersenne Twister-like RNG with gettimeofday().tv_usec and getpid() as seed.
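
An added example, not part of the original message and not CPython or libexpat code: a small build audit that reads a config header, works out which of the macros named above end up defined, and reports whether the hash salt would be seeded from a CSPRNG. The sample header text, the HAVE_GETRANDOM_SYSCALL and HAVE_GETPID names in it, the source labels and the precedence order are assumptions of this example.

```python
import re

# Macro names come from the message above. The labels and the precedence
# order are assumptions of this example, not copied from libexpat.
STRONG_SOURCES = [
    ("HAVE_ARC4RANDOM_BUF", "arc4random_buf"),
    ("HAVE_ARC4RANDOM", "arc4random"),
    ("_WIN32", "Windows CSPRNG"),
    ("HAVE_GETRANDOM", "getrandom"),
    ("HAVE_SYSCALL_GETRANDOM", "getrandom syscall"),
    ("XML_DEV_URANDOM", "/dev/urandom"),
]
WEAK_FALLBACK = "weak fallback: gettimeofday().tv_usec and getpid()"
DIRECTIVE = re.compile(r"^[ \t]*#[ \t]*(define|undef)[ \t]+([A-Za-z_]\w*)", re.M)


def defined_macros(header_text, predefined=()):
    """Macros left defined by a flat header (no #if evaluation).

    `predefined` holds compiler-provided macros such as _WIN32.
    """
    # Strip comments first so autoconf's "/* #undef NAME */" is not counted.
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    macros = set(predefined)
    for kind, name in DIRECTIVE.findall(text):
        if kind == "define":
            macros.add(name)
        else:
            macros.discard(name)
    return macros


def salt_seed_source(macros):
    """Label of the entropy source the hash salt seed would come from."""
    return next((label for m, label in STRONG_SOURCES if m in macros), WEAK_FALLBACK)


def near_misses(macros):
    """Defined macros that spell an expected name with its words reordered."""
    expected = {m: frozenset(m.split("_")) for m, _ in STRONG_SOURCES}
    return sorted((have, want) for have in macros for want, words in expected.items()
                  if have != want and frozenset(have.split("_")) == words)


# Constructed sample headers in autoconf style (not a real pyconfig.h).
OLD_LINUX = "#define HAVE_GETRANDOM_SYSCALL 1\n/* #undef HAVE_GETRANDOM */\n#define HAVE_GETPID 1\n"
NEW_LINUX = OLD_LINUX.replace("/* #undef HAVE_GETRANDOM */", "#define HAVE_GETRANDOM 1")

if __name__ == "__main__":
    for name, header in (("old Linux", OLD_LINUX), ("new Linux", NEW_LINUX)):
        macros = defined_macros(header)
        print(name, "->", salt_seed_source(macros), near_misses(macros))
```

A non-empty `near_misses` result next to the weak fallback label is the signature of the name mismatch the message describes: the platform feature was detected, but under a spelling the consuming code never tests.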