Re: [modwsgi] Preparing for mod_wsgi 3.4.

Mon, 16 Apr 2012 17:07:03 -0700 

On Sun, Apr 15, 2012 at 08:02:58PM +1000, Graham Dumpleton wrote:
> 1. Means of turning on hash seed randomisation with recent updates of
> Python. I still have a few issues to sort out here. I was supplied a
> patch, but it doesn't go far enough and deal adequately with issues
> like upgrading patch levels of Python against a mod_wsgi compiled
> against an older version. It also didn't allow hash seeding, only
> randomisation.

Attached is a patch that solves both of these problems.

This creates a WSGIPythonHashSeed option, which gets set to the
PYTHONHASHSEED environment variable. This option accepts either 'random'
or seed values 0-4294967295.

Thoughts?

luke

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/modwsgi?hl=en.


--- mod_wsgi.c.orig     2012-04-16 19:24:08.671074746 -0400
+++ mod_wsgi.c  2012-04-16 19:36:13.015855777 -0400
@@ -7235,6 +7235,28 @@
     return NULL;
 }
 
+static const char *wsgi_set_python_hash_seed(cmd_parms *cmd, void *mconfig,
+                                             const char *f)
+{
+    const char *error = NULL;
+
+    error = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (error != NULL)
+        return error;
+
+    size_t len = strlen("PYTHONHASHSEED=") + strlen(f) + 1;
+    char *seed = (char *)malloc(len);
+    snprintf(seed, len, "PYTHONHASHSEED=%s", f);
+
+#if defined(WIN32)
+    _putenv(seed);
+#else
+    putenv(seed);
+#endif
+
+    return NULL;
+}
+
 static const char *wsgi_set_restrict_embedded(cmd_parms *cmd, void *mconfig,
                                               const char *f)
 {
@@ -9204,6 +9226,8 @@
         RSRC_CONF, TAKE1, "Python module search path." },
     { "WSGIPythonEggs", wsgi_set_python_eggs, NULL,
         RSRC_CONF, TAKE1, "Python eggs cache directory." },
+    { "WSGIPythonHashSeed", wsgi_set_python_hash_seed, NULL,
+        RSRC_CONF, TAKE1, "Python hash seed." },
 
     { "WSGIRestrictStdin", wsgi_set_restrict_stdin, NULL,
         RSRC_CONF, TAKE1, "Enable/Disable restrictions on use of STDIN." },
@@ -14890,6 +14914,8 @@
         NULL, RSRC_CONF, "Python module search path."),
     AP_INIT_TAKE1("WSGIPythonEggs", wsgi_set_python_eggs,
         NULL, RSRC_CONF, "Python eggs cache directory."),
+    AP_INIT_RAW_ARGS("WSGIPythonHashSeed", wsgi_set_python_hash_seed,
+        NULL, RSRC_CONF, "Python hash seed."),
 
 #if defined(MOD_WSGI_WITH_DAEMONS)
     AP_INIT_TAKE1("WSGIRestrictEmbedded", wsgi_set_restrict_embedded,

Reply via email to