[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Chris Angelico rosuav at gmail.com
Tue Feb 25 14:32:55 CET 2014


On Wed, Feb 26, 2014 at 12:21 AM, Donald Stufft <donald at stufft.io> wrote:
> Instead of pre-generating one set of values that can be be used to DoS things
> you have to pre-generate 256 sets of values and try them until you get the
> right one. It’s like putting on armor made of paper and saying it’s harder to
> stab you now.

Paper armor? You mean the stuff they tested here?
http://www.imdb.com/title/tt1980597/

Cutting the problem by a factor of 256 isn't nothing, but yes, it's
still a problem. But why is it only 256? I tried Googling for 'python
hash randomization problem' and other keywords but all I can find is
the original. I'm sure someone's done the analysis somewhere as to why
it's still a problem in 2.7, and why (presumably) it can't be fixed in
2.7 - after all, that's the version that's not going anywhere any time
soon.

ChrisA


More information about the Python-Dev mailing list