[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Donald Stufft donald at stufft.io
Tue Feb 25 14:21:46 CET 2014

On Feb 25, 2014, at 8:17 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Tue, 25 Feb 2014 08:08:09 -0500
> Donald Stufft <donald at stufft.io> wrote:
>> Hash randomization is broken and doesn’t fix anything.
> Not sure what you mean with "doesn't fix anything". Hash collisions were
> easy to exploit pre-hash randomization, they doesn't seem as easy to
> exploit with it.

Instead of pre-generating one set of values that can be be used to DoS things
you have to pre-generate 256 sets of values and try them until you get the
right one. It’s like putting on armor made of paper and saying it’s harder to
stab you now.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140225/e5a6934f/attachment-0001.sig>

More information about the Python-Dev mailing list