[Python-Dev] Python startup time
I'm sorry, the word *will* may be stronger than I thought.
I meant if memory image dumped on disk is used casually,
it may make easier to make security hole.
For example, if `hg` memory image is reused, and it can be leaked in some
hg serve will be hashdos weak.
I don't deny that it's useful and safe when it's used carefully.
On Tue, May 15, 2018 at 1:58 AM Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Tue, 15 May 2018 01:33:18 +0900
> INADA Naoki <songofacandy at gmail.com> wrote:
> > It will broke hash randomization.
> > See also: https://www.cvedetails.com/cve/CVE-2017-11499/
> I don't know why it would. The mechanism of pre-initializing a process
> which is re-used accross many requests is how most server applications
> of Python already work (you don't want to bear the cost of spawning
> a new interpreter for each request, as antiquated CGI does). I have not
> heard that it breaks hash randomization, so a similar mechanism on the
> CLI side shouldn't break it either.
> Python-Dev mailing list
> Python-Dev at python.org
INADA Naoki <songofacandy at gmail.com>