Summary: | python: randomness of map/set causes unreproducible .pyc. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | thssld |
Component: | Current packages | Assignee: | Python Gentoo Team <python> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | gentoo |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1686078 https://github.com/python/cpython/pull/25411 https://bugs.archlinux.org/task/70340 https://github.com/python/cpython/issues/88016 https://github.com/python/cpython/issues/73894 | ||
Whiteboard: | |||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 913920 |
Description
thssld
2023-09-10 15:23:43 UTC
Doesn't this have some security implications?

https://lwn.net/Articles/474912/
https://lwn.net/Articles/916204/
https://docs.python.org/3/using/cmdline.html#cmdoption-R
http://ocert.org/advisories/ocert-2011-003.html

Unclear why https://github.com/python/cpython/pull/25411 was closed.

(In reply to Sam James from comment #1)
> Doesn't this have some security implications?

I suppose it's fine if we only set it in the Python eclasses, just not as a default in Python itself (i.e. we want the runtime randomisation, but not when producing .pyc).

(In reply to Sam James from comment #3)
> (In reply to Sam James from comment #1)
> > Doesn't this have some security implications?
>
> I suppose it's fine if we only set it in the Python eclasses, just not as a
> default in Python itself (i.e. we want the runtime randomisation, but not
> when producing .pyc).

I tried with PYTHONHASHSEED=0 before running catalyst and the result seems reproducible. But I don't know if it makes runtime hashing randomization disabled.

A small sample seems not to be working even on a non-hacked build.

I would suggest that people who want reproducible builds just add PYTHONHASHSEED to make.conf. I don't see any reason to do it for everybody in the python eclasses.
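An added check, not part of the bug thread and not Gentoo's or CPython's own code: it starts fresh interpreters with and without `PYTHONHASHSEED` to show which processes the variable affects, and reports (rather than assumes) whether the marshalled code object for a set-literal sample differs between seeds. The sample source, the `probe` and `report` names and the seed values 1 and 2 are assumptions made for illustration.

```python
import json
import os
import subprocess
import sys

# Constructed sample: a set-literal membership test, which the compiler
# stores as a frozenset constant inside the code object.
SAMPLE_SRC = "def f(x):\n    return x in {'ON', 'OFF', 'AUTO', 'NONE'}\n"

# Runs inside each child interpreter and prints one JSON record.
PROBE = r"""
import hashlib, json, marshal, sys
code = compile(sys.argv[1], "<sample>", "exec")
print(json.dumps({
    "hash_randomization": sys.flags.hash_randomization,
    "str_hash": hash("gentoo"),
    "code_sha256": hashlib.sha256(marshal.dumps(code)).hexdigest(),
}))
"""

def probe(seed=None):
    """Start a fresh interpreter with PYTHONHASHSEED=seed (None = unset)."""
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit the caller's setting
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.run([sys.executable, "-c", PROBE, SAMPLE_SRC],
                         env=env, check=True, capture_output=True, text=True)
    return json.loads(out.stdout)

def report():
    build_a, build_b = probe(0), probe(0)  # build environment as in the thread
    run_a, run_b = probe(), probe()        # runtime environment, variable unset
    return {
        "seed0_randomization_flag": build_a["hash_randomization"],
        "seed0_hashes_repeat": build_a["str_hash"] == build_b["str_hash"],
        "unset_randomization_flag": run_a["hash_randomization"],
        "unset_hashes_repeat": run_a["str_hash"] == run_b["str_hash"],
        # Reported only: the outcome depends on the interpreter being tested.
        "code_differs_seed_1_vs_2":
            probe(1)["code_sha256"] != probe(2)["code_sha256"],
    }

if __name__ == "__main__":
    print(json.dumps(report(), indent=2))
```

Running it with the interpreter used for the build shows whether a fixed seed is needed for that version at all, and confirms that interpreters started without the variable still randomise their hashes.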