From: Tim Bunce <Tim.Bunce@pobox.com>
Date: Thu, 26 Jun 2003 10:53:22 +0000 (+0100)
Subject: Re: Change 19854: Bite the bullet and apply the hash randomisation patch.
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=3debabd9ba8d62a4b7656b07d06b582de8063b12;p=p5sagit%2Fp5-mst-13.2.git

Re: Change 19854: Bite the bullet and apply the hash randomisation patch.
Message-ID: <20030626095322.GE97463@dansat.data-plan.com>

p4raw-id: //depot/perl@19860
---

diff --git a/INSTALL b/INSTALL
index 1c494d2..e9cd2a6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -840,7 +840,7 @@ your sfio sources and correct iffe's guess about atexit.
 
 In Perls 5.8.0 and earlier it was easy to create degenerate hashes.
 Processing such hashes would consume large amounts of CPU time,
-causing a "Denial of Service" attack against Perl.  Such hashes may be
+enabling a "Denial of Service" attack against Perl.  Such hashes may be
 a problem for example for mod_perl sites, sites with Perl CGI scripts
 and web services, that process data originating from external sources.
 
@@ -848,23 +848,23 @@ In Perl 5.8.1 a security feature was introduced to make it harder
 to create such degenerate hashes.
 
 Because of this feature the keys(), values(), and each() functions
-will return the hash elements in different order between different
+may return the hash elements in different order between different
 runs of Perl even with the same data.  One can still revert to the old
-predictable order by setting the environment variable PERL_HASH_SEED,
+repeatable order by setting the environment variable PERL_HASH_SEED,
 see L<perlrun>.  Another option is to add -DUSE_HASH_SEED_EXPLICIT to
 the compilation flags, in which case one has to explicitly set the
 PERL_HASH_SEED environment variable to enable the security feature,
 or -DNO_HASH_SEED to completely disable the feature.
 
-B<Perl does not guarantee any ordering of the hash keys>, and the
+B<Perl has never guaranteed any ordering of the hash keys>, and the
 ordering has already changed several times during the lifetime of
-Perl 5.  Also, the ordering of hash keys already (in Perl 5.8.0 and
-earlier) depends on the insertion order.
+Perl 5.  Also, the ordering of hash keys has always been, and
+continues to be, affected by the insertion order.
 
 Note that because of this randomisation for example the Data::Dumper
 results will be different between different runs of Perl since
 Data::Dumper by default dumps hashes "unordered".  The use of the
-Data::Dumper C<Sortkeys> filter is recommended.
+Data::Dumper C<Sortkeys> option is recommended.
 
 =head2 SOCKS