Re: Plan C (was Re: Plan B for fixing 5.8.2 binary API)
Nicholas Clark wrote:
Something like this? Only with the rough edges smoothed out?
Currently only in blead.
Now merged into maint. If it doesn't work it comes out :-)
[But it does cope with the attack on http://www.cs.rice.edu/~scrosby/hash/
as well as 5.8.1]
Nick, what's your definition of "doesn't work"? This change will affect
run-time only in certain circumstances, which I'd guess no application has
tests for. Won't any application that caches the PERL_HASH value now break if
the rehashing alg tells perl to rehash the key, so the hash entry lookup will
fail? e.g. mod_perl 2.0 caches PERL_HASH value for all perl callback GVs it's
configured to run, if perl rehashes those values, mod_perl will break as it no
longer will be able to find those GVs.
Also, how does it affect the runtime which relies on the PERL_HASH_SEED env
var to reproduce the exact previous execution? If the rehashing kicks in, will
it always rehash to the same values?
Also I suppose we need to replace all occurences of PL_hash_seed(_set)? with
the 'PL_new_' prefix in mod_perl 2.0. I guess I'll wait till the dust settles
down. In any case I can't commit the fix since we still have perl's
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:email@example.com http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com