[Python-Dev] Hash randomization and deterministic bytecode
Freddy Rietdijk
freddyrietdijk at fridh.nl
Fri May 12 09:06:15 EDT 2017
Hi,
On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash
randomization. We do this to improve determinism of the builds because we
store the bytecode next to the code.
When one runs Python directly or via a script PYTHONHASHSEED is not set
thus enabling hash randomization. Am I correct when I say that in this case
Python still uses the reproducibly build bytecode and, because its now
running with a random seed we wouldn't be vulnerable to
http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also try
to each time also recompile bytecode?
Kind regards,
Freddy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170512/243ecfb0/attachment.html>
More information about the Python-Dev
mailing list