Nicholas Clark wrote:
Something like this? Only with the rough edges smoothed out?Currently only in blead.Now merged into maint. If it doesn't work it comes out :-) [But it does cope with the attack on http://www.cs.rice.edu/~scrosby/hash/ as well as 5.8.1]
Nick, what's your definition of "doesn't work"? This change will affect run-time only in certain circumstances, which I'd guess no application has tests for. Won't any application that caches the PERL_HASH value now break if the rehashing alg tells perl to rehash the key, so the hash entry lookup will fail? e.g. mod_perl 2.0 caches PERL_HASH value for all perl callback GVs it's configured to run, if perl rehashes those values, mod_perl will break as it no longer will be able to find those GVs.
Also, how does it affect the runtime which relies on the PERL_HASH_SEED env var to reproduce the exact previous execution? If the rehashing kicks in, will it always rehash to the same values?
Also I suppose we need to replace all occurences of PL_hash_seed(_set)? with the 'PL_new_' prefix in mod_perl 2.0. I guess I'll wait till the dust settles down. In any case I can't commit the fix since we still have perl's SUBVERSION==1 :(
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:stas@stason.org http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com