develooper Front page | perl.perl5.porters | Postings from August 2022

Why is PERL_INTERNAL_RAND_SEED disabled sometimes?

Thread Next
From:
demerphq
Date:
August 6, 2022 09:41
Subject:
Why is PERL_INTERNAL_RAND_SEED disabled sometimes?
Message ID:
CANgJU+VoGJL37iKu3gnCQ=St1OJVxLLHrvg+=EuRopXTZnJ4vA@mail.gmail.com
HI Tony,

In d62950713a9 you added support for the PERL_INTERNAL_RAND_SEED
variable. But it is set up to be ignored when "run setuid or setgid".
Can you explain why? The PERL_INTERNAL_RAND_SEED is nearly only used
to populate the hash seed, and the hash seed isnt similarly guarded so
I am confused what the purpose of this is.

I am in the process of adding support for a new env var which would
imply PERL_INTERNAL_RAND_SEED, but I can't see why it should be
forbidden when setuid or setgid.   What is the security concern here?

cheers,
Yves

-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About