From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Fri, 11 Jul 2003 05:07:09 +0000 (+0000)
Subject: I think the API for mod_perl v2 should be simply that
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=103dd89994b01bc194bfaf186624c2fb15f80afe;p=p5sagit%2Fp5-mst-13.2.git

I think the API for mod_perl v2 should be simply that
PL_modperl sets the PL_hash_seed (and PL_hash_seed_set)
itself, hopefully from a good source of random bits.

p4raw-id: //depot/perl@20145
---

diff --git a/perl.c b/perl.c
index 32e0469..df11879 100644
--- a/perl.c
+++ b/perl.c
@@ -899,7 +899,9 @@ setuid perl scripts securely.\n");
 
 #if defined(USE_HASH_SEED) || defined(USE_HASH_SEED_EXPLICIT)
     /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0
-     * This MUST be done before any hash stores or fetches take place. */
+     * This MUST be done before any hash stores or fetches take place.
+     * If you set PL_hash_seed (and assumedly also PL_hash_seed_set) yourself,
+     * it is your responsibility to provide a good random seed! */
     if (!PL_hash_seed_set)
 	 PL_hash_seed = get_seed();
     {