- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
service attacks due to hash collisions within the dict and set types. Patch
by David Malcolm, based on work by Victor Stinner.
diff --git a/Misc/NEWS b/Misc/NEWS
index 20d39b6..2b2f94c 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,11 @@
Core and Builtins
-----------------
+- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
+ environment variable, to provide an opt-in way to protect against denial of
+ service attacks due to hash collisions within the dict and set types. Patch
+ by David Malcolm, based on work by Victor Stinner.
+
Library
-------
diff --git a/Misc/python.man b/Misc/python.man
index d981fba..0a3eca4 100644
--- a/Misc/python.man
+++ b/Misc/python.man
@@ -34,6 +34,9 @@
.B \-O0
]
[
+.B \-R
+]
+[
.B -Q
.I argument
]
@@ -151,6 +154,18 @@
.B \-O0
Discard docstrings in addition to the \fB-O\fP optimizations.
.TP
+.B \-R
+Turn on "hash randomization", so that the hash() values of str, bytes and
+datetime objects are "salted" with an unpredictable pseudo-random value.
+Although they remain constant within an individual Python process, they are
+not predictable between repeated invocations of Python.
+.IP
+This is intended to provide protection against a denial of service
+caused by carefully-chosen inputs that exploit the worst case performance
+of a dict insertion, O(n^2) complexity. See
+http://www.ocert.org/advisories/ocert-2011-003.html
+for details.
+.TP
.BI "\-Q " argument
Division control; see PEP 238. The argument must be one of "old" (the
default, int/int and long/long return an int or long), "new" (new
@@ -411,6 +426,20 @@
If this is set to a non-empty string it is equivalent to specifying
the \fB\-v\fP option. If set to an integer, it is equivalent to
specifying \fB\-v\fP multiple times.
+.IP PYTHONHASHSEED
+If this variable is set to "random", the effect is the same as specifying
+the \fB-R\fP option: a random value is used to seed the hashes of str,
+bytes and datetime objects.
+
+If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for
+generating the hash() of the types covered by the hash randomization. Its
+purpose is to allow repeatable hashing, such as for selftests for the
+interpreter itself, or to allow a cluster of python processes to share hash
+values.
+
+The integer must be a decimal number in the range [0,4294967295]. Specifying
+the value 0 will lead to the same hash values as when hash randomization is
+disabled.
.SH AUTHOR
The Python Software Foundation: http://www.python.org/psf
.SH INTERNET RESOURCES