From: Jarkko Hietaniemi Date: Sun, 27 Jul 2003 20:21:40 +0000 (+0000) Subject: We now return to your normally scheduled hash randomisation. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=4546b9e60350d925ea9a8210378c9e1a79f4a7ab;p=p5sagit%2Fp5-mst-13.2.git We now return to your normally scheduled hash randomisation. p4raw-id: //depot/perl@20242 --- diff --git a/INSTALL b/INSTALL index 1f2ac62..e3652d2 100644 --- a/INSTALL +++ b/INSTALL @@ -849,12 +849,12 @@ to create such degenerate hashes. Because of this feature the keys(), values(), and each() functions may return the hash elements in different order between different -runs of Perl even with the same data. The additional randomisation -is enabled if the environment variable PERL_HASH_SEED is set, see -perlrun for details. - -One make the randomisation default by adding -DUSE_HASH_SEED to the -compilation flags, or completely disable it by adding -DNO_HASH_SEED. +runs of Perl even with the same data. One can still revert to the old +repeatable order by setting the environment variable PERL_HASH_SEED, +see L. Another option is to add -DUSE_HASH_SEED_EXPLICIT to +the compilation flags, in which case one has to explicitly set the +PERL_HASH_SEED environment variable to enable the security feature, +or -DNO_HASH_SEED to completely disable the feature. B, and the ordering has already changed several times during the lifetime of diff --git a/perl.h b/perl.h index acadabe..8b50836 100644 --- a/perl.h +++ b/perl.h @@ -2258,7 +2258,7 @@ typedef struct crypt_data { /* straight from /usr/include/crypt.h */ /* [perl #22371] Algorimic Complexity Attack on Perl 5.6.1, 5.8.0 */ #if !defined(NO_HASH_SEED) && !defined(USE_HASH_SEED) && !defined(USE_HASH_SEED_EXPLICIT) -# define USE_HASH_SEED_EXPLICIT +# define USE_HASH_SEED #endif #include "regexp.h" diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 129d506..f47b6a5 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -1269,7 +1269,9 @@ element in the hash. Entries are returned in an apparently random order. The actual random order is subject to change in future versions of perl, but it is guaranteed to be in the same order as either the C or C -function would produce on the same (unmodified) hash. +function would produce on the same (unmodified) hash. Since Perl +5.8.1 the ordering is different even between different runs of Perl +for security reasons (see L). When the hash is entirely read, a null array is returned in list context (which when assigned produces a false (C<0>) value), and C in @@ -2317,7 +2319,9 @@ Returns a list consisting of all the keys of the named hash. The keys are returned in an apparently random order. The actual random order is subject to change in future versions of perl, but it is guaranteed to be the same order as either the C or C -function produces (given that the hash has not been modified). +function produces (given that the hash has not been modified). Since +Perl 5.8.1 the ordering is different even between different runs of +Perl for security reasons (see L). As a side effect, calling keys() resets the HASH's internal iterator, @@ -6236,7 +6240,9 @@ Returns a list consisting of all the values of the named hash. The values are returned in an apparently random order. The actual random order is subject to change in future versions of perl, but it is guaranteed to be the same order as either the C or C -function would produce on the same (unmodified) hash. +function would produce on the same (unmodified) hash. Since Perl +5.8.1 the ordering is different even between different runs of Perl +for security reasons (see L). As a side effect, calling values() resets the HASH's internal iterator, see L. diff --git a/pod/perlrun.pod b/pod/perlrun.pod index 024184a..d8ed107 100644 --- a/pod/perlrun.pod +++ b/pod/perlrun.pod @@ -1111,20 +1111,19 @@ PERL_ENCODING environment variable is consulted for an encoding name. =item PERL_HASH_SEED (Since Perl 5.8.1.) Used to randomise Perl's internal hash function. +To emulate the pre-5.8.1 behaviour, set to an integer (zero means +exactly the same order as 5.8.0). "Pre-5.8.1" means, among other +things, that hash keys will be ordered the same between different runs +of Perl. -The default behaviour is B to randomise if the PERL_HASH_SEED is -unset. If Perl has been compiled with C<-DUSE_HASH_SEED>, the default -behaviour B to randomise. If Perl hash been compiled with -C<-DNO_HASH_SEED>, the hash randomisation is completely disabled. - -If PERL_HASH_SEED is set to a numeric (positive integer) string, -that is used as the seed. +The default behaviour is to randomise unless the PERL_HASH_SEED is set. +If Perl has been compiled with C<-DUSE_HASH_SEED_EXPLICIT>, the default +behaviour is B to randomise unless the PERL_HASH_SEED is set. If PERL_HASH_SEED is unset or set to a non-numeric string, Perl uses the pseudorandom seed supplied by the operating system and libraries. - -The seed being set means that each different run of Perl will have -a different ordering of the results of keys(), values(), and each(). +This means that each different run of Perl will have a different +ordering of the results of keys(), values(), and each(). See L for more information. diff --git a/pod/perlsec.pod b/pod/perlsec.pod index ecd9bbc..41f9669 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -404,14 +404,18 @@ into account. In Perls before 5.8.1 one could rather easily generate data that as hash keys would cause Perl to consume large amounts of time because -internal structure of hashes would badly degenerate. In Perl 5.8.1 it -is possible to randomly perturb the hash function by a pseudorandom -seed which makes generating such naughty hash keys harder. See -L for more information. - -Perturbing the hash ordering affects for example modules like -Data::Dumper: if one is dumping hashes, the outputs of two different -runs are no more identical. +internal structure of hashes would badly degenerate. In Perl 5.8.1 +the hash function is randomly perturbed by a pseudorandom seed which +makes generating such naughty hash keys harder. +See L for more information. + +The random perturbation is done by default but if one wants for some +reason emulate the old behaviour one can set the environment variable +PERL_HASH_SEED to zero (or any other integer). One possible reason +for wanting to emulate the old behaviour is that in the new behaviour +consecutive runs of Perl will order hash keys differently, which may +confuse some applications (like Data::Dumper: the outputs of two +different runs are no more identical). B, and the ordering has already changed several times during the lifetime of