[#53097] [ruby-trunk - Bug #8000][Open] "require 'tk'" segfaults on 64-bit linux with Tk 8.6 — "edmccard (Ed McCardell)" <edmccard@...>
25 messages
2013/03/02
[#53199] [ruby-trunk - Bug #8040][Open] Unexpect behavior when using keyword arguments — "pabloh (Pablo Herrero)" <pablodherrero@...>
11 messages
2013/03/07
[#53203] [ruby-trunk - Feature #8042][Open] Add Addrinfo#socket to create a socket that is not connected or bound — "drbrain (Eric Hodel)" <drbrain@...7.net>
12 messages
2013/03/07
[#55610] [ruby-trunk - Feature #8042] Add Addrinfo#socket to create a socket that is not connected or bound
— "headius (Charles Nutter)" <headius@...>
2013/06/23
[#53211] [ruby-trunk - Feature #8046][Open] allow Object#extend to take a block — "phluid61 (Matthew Kerwin)" <matthew@...>
6 messages
2013/03/08
[#53248] Github commit log should not be used as references on redmine — Marc-Andre Lafortune <ruby-core-mailing-list@...>
Github commit log should not be used as references on redmine. E.g:
10 messages
2013/03/09
[#53249] Re: Github commit log should not be used as references on redmine
— Zachary Scott <zachary@...>
2013/03/09
I think redmine should ignore flags like \[GH.*#\d*\] or something similar.
[#53606] Re: Github commit log should not be used as references on redmine
— Zachary Scott <zachary@...>
2013/03/21
Ping!
[#53615] Re: Github commit log should not be used as references on redmine
— "NARUSE, Yui" <naruse@...>
2013/03/22
The best place of creating Feature Requests for bug.ruby-lang.org's Redmine
[#53265] [ruby-trunk - Bug #8058][Open] RubyGems test failures under MinGW — "luislavena (Luis Lavena)" <luislavena@...>
5 messages
2013/03/09
[#53349] [ruby-trunk - Bug #8080][Open] Segfault in rb_fd_set — "jonleighton (Jon Leighton)" <j@...>
8 messages
2013/03/12
[#53386] [CommonRuby - Feature #8088][Open] Method#parameters (and friends) should provide useful information about core methods — "headius (Charles Nutter)" <headius@...>
14 messages
2013/03/13
[#55921] [CommonRuby - Feature #8088] Method#parameters (and friends) should provide useful information about core methods
— "headius (Charles Nutter)" <headius@...>
2013/07/10
[#55922] Re: [CommonRuby - Feature #8088] Method#parameters (and friends) should provide useful information about core methods
— Yorick Peterse <yorickpeterse@...>
2013/07/10
Consider the following code:
[#55926] Re: [CommonRuby - Feature #8088] Method#parameters (and friends) should provide useful information about core methods
— Charles Oliver Nutter <headius@...>
2013/07/10
On Wed, Jul 10, 2013 at 11:16 AM, Yorick Peterse
[#53412] [CommonRuby - Feature #8096][Open] introduce Time.current_timestamp — "vipulnsward (Vipul Amler)" <vipulnsward@...>
34 messages
2013/03/14
[#53461] [CommonRuby - Feature #8096] introduce Time.current_timestamp
— "vipulnsward (Vipul Amler)" <vipulnsward@...>
2013/03/15
[#53478] [ruby-trunk - Feature #8107][Open] [patch] runtime flag to track object allocation metadata — "tmm1 (Aman Gupta)" <ruby@...1.net>
20 messages
2013/03/16
[#53526] [ruby-trunk - Feature #8107] [patch] runtime flag to track object allocation metadata
— "tmm1 (Aman Gupta)" <ruby@...1.net>
2013/03/19
[#53523] [ruby-trunk - Bug #8122][Open] [patch] gc: GC.stat improvements and related cleanup — "tmm1 (Aman Gupta)" <ruby@...1.net>
5 messages
2013/03/19
[#53585] Consistent hashing in the face of HashDOS? — Charles Oliver Nutter <headius@...>
It had to happen eventually...
7 messages
2013/03/21
[#53599] [Backport 200 - Backport #8135][Open] Backport escape all closing parens - r39858 — "vo.x (Vit Ondruch)" <v.ondruch@...>
7 messages
2013/03/21
[#53619] [ruby-trunk - Bug #8142][Open] [patch] iseq: reduce array allocations for simple sequences — "tmm1 (Aman Gupta)" <ruby@...1.net>
7 messages
2013/03/22
[#53635] [ruby-trunk - Bug #8148][Open] [patch] reduce allocations due to __FILE__ and {class,module}_eval — "tmm1 (Aman Gupta)" <ruby@...1.net>
6 messages
2013/03/22
[#54391] [ruby-trunk - Bug #8148] [patch] reduce allocations due to __FILE__ and {class,module}_eval
— "headius (Charles Nutter)" <headius@...>
2013/04/17
[#53679] Why doesn’t String#+ return an untrusted result if self or other is untrusted? — Nikolai Weibull <now@...>
Hi!
5 messages
2013/03/23
[#53680] Re: [ruby-core:53679] Why doesn’t String#+ return an untrusted result if self or other is untrusted?
— KOSAKI Motohiro <kosaki.motohiro@...>
2013/03/23
On Sat, Mar 23, 2013 at 2:45 PM, Nikolai Weibull <now@bitwi.se> wrote:
[#53685] Re: [ruby-core:53680] Re: [ruby-core:53679] Why doesn’t String#+ return an untrusted result if self or other is untrusted?
— Nikolai Weibull <now@...>
2013/03/23
On Sat, Mar 23, 2013 at 8:30 PM, KOSAKI Motohiro
[#53688] [ruby-trunk - Feature #8158][Open] lightweight structure for loaded features index — "funny_falcon (Yura Sokolov)" <funny.falcon@...>
27 messages
2013/03/24
[#53692] [ruby-trunk - Bug #8159][Open] Build failure introduced by Rinda changes — "luislavena (Luis Lavena)" <luislavena@...>
22 messages
2013/03/24
[#53713] [ruby-trunk - Bug #8159] Build failure introduced by Rinda changes
— "naruse (Yui NARUSE)" <naruse@...>
2013/03/25
[#53709] [Backport 200 - Backport #8163][Assigned] Backport r39919 — "authorNari (Narihiro Nakamura)" <authorNari@...>
6 messages
2013/03/25
[#53733] [ruby-trunk - Bug #8165][Open] Problems with require — "Krugloff (Alexandr Kruglov)" <mr.krugloff@...>
12 messages
2013/03/26
[#53764] [ruby-trunk - Bug #8173][Open] 2-arg form of Time.at can take a Time as either argument — "hasari (Hiro Asari)" <asari.ruby@...>
8 messages
2013/03/27
[#53808] [ruby-trunk - Feature #8181][Open] New flag for strftime that supports adding ordinal suffixes to numbers — "tkellen (Tyler Kellen)" <tyler@...>
10 messages
2013/03/28
[#53811] [ruby-trunk - Bug #8182][Open] XMLRPC request fails with "Wrong size. Was 31564, should be 1501" — "tsagadar (Marcel Mueller)" <marcel.mueller@...>
28 messages
2013/03/28
[#53825] Thread/fork issue — Jason Gladish <jason@...>
Hello all,
9 messages
2013/03/29
[#53832] Re: Thread/fork issue
— Tanaka Akira <akr@...>
2013/03/29
2013/3/30 Jason Gladish <jason@expectedbehavior.com>:
[#53887] Re: Thread/fork issue
— Tanaka Akira <akr@...>
2013/04/02
2013/3/30 Tanaka Akira <akr@fsij.org>:
[#53901] Re: Thread/fork issue
— KOSAKI Motohiro <kosaki.motohiro@...>
2013/04/02
> I wrote a simple script to reproduce the problem.
[#53849] [ruby-trunk - Feature #8191][Open] Short-hand syntax for duck-typing — "wardrop (Tom Wardrop)" <tom@...>
48 messages
2013/03/31
[#53894] [ruby-trunk - Feature #8191] Short-hand syntax for duck-typing
— "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
2013/04/02
[#53938] [ruby-trunk - Feature #8191] Short-hand syntax for duck-typing
— "phluid61 (Matthew Kerwin)" <matthew@...>
2013/04/03
[#53916] [ruby-trunk - Feature #8191] Short-hand syntax for duck-typing
— "wardrop (Tom Wardrop)" <tom@...>
2013/04/03
[#53850] An evaluation of 2.0.0 release — Yusuke Endoh <mame@...>
Let's look back at 2.0.0 release so that we can do better next time.
12 messages
2013/03/31
[#53853] Re: An evaluation of 2.0.0 release
— V咜 Ondruch <v.ondruch@...>
2013/03/31
Hello Yusuke,
[ruby-core:53611] Re: Consistent hashing in the face of HashDOS?
From:
Martin Bo煬et <martin.bosslet@...>
Date:
2013-03-21 17:50:19 UTC
List:
ruby-core #53611
2013/3/21 "Martin J. Dst" <duerst@it.aoyama.ac.jp> > Hello Charlie, > > > On 2013/03/21 9:03, Charles Oliver Nutter wrote: > >> It had to happen eventually... >> >> We received a pull request recently for a change that makes JRuby's >> hashing of Strings, Booleans, nil, and Symbols be consistent. >> Basically, it provides hardcoded hashes for Booleans and nil, and >> makes it possible to disable seeded hashes for String and Symbol. >> >> PR: https://github.com/jruby/**jruby/pull/590<https://github.com/jruby/jruby/pull/590> >> >> My question for ruby-core: at what point did you decide to make hash >> for e.g. nil not be a single value (it was "4" in 1.8.7 and >> different/random in 1.9.3+), and why did you do it? >> > > Yui already gave a pointer. Actually, neither NilClass nor TrueClass nor > FalseClass implement #hash. All three fall back to Object. So do Symbol and > Fixnum. So it seems to be mainly the result of not doing anything more than > necessary in terms of implementation against the potential DOS attacks. > > > I think it's valid to want to be able to consistently hash these >> values across runtimes, but I want to understand the implications >> before I merge this patch into JRuby proper. >> >> Thoughts? >> > > I can't currently see a security problem with making the hash values of > nil, true, and false consistent across runtimes. But then that's not a > guarantee that there are none (I'm not a security expert). And I don't see > a reason for making only these three stable. > > When it comes to Symbols, we get back to the question to what extent > Symbols may/can/shouldn't be created based on data coming in from the > outside of an application, which we discussed related to garbage collection > of symbols. > > Overall, having a switch to eliminate introducing randomness into hash > values may be something to consider. But it will produce problems when an > application is put together from various libraries: Some of these libraries > may depend on hashes being stable, while some others may be open to DOS > attacks when hashes are stable. > > I agree that NilClass, TrueClass and FalseClass are probably not an issue since they are singletons. The core problem is a user being able to predictably create different objects that hash to the same value. Symbol, Fixnum and Bignum fall back to Object/Kernel#hash, and Kernel#hash uses MurmurHash [1] & [2]. While randomized, Jean-Philippe Aumasson and Daniel Bernstein showed last year that a randomized MurmurHash isn't enough in general to prevent this kind of denial of service attacks. The proof of concept can be found at [3] and in response, SipHash was introduced, replacing MurmurHash in rb_mem_hash [4]. [1] https://github.com/ruby/ruby/blob/7e052c7b81d22fe4556e313c1f24ccda15502ab1/object.c#L129 [2] https://github.com/ruby/ruby/blob/7e052c7b81d22fe4556e313c1f24ccda15502ab1/st.c#L1477 [3] https://github.com/emboss/schadcode/tree/master/ruby/cruby [4] https://github.com/ruby/ruby/blob/f7108c5d1a10cacfbb79a0b370c8136bed74af66/random.c#L1422 Off the top of my head I would argue that the same technique cannot be applied to Kernel#hash. The argument to be hashed is bounded and just a few bytes long - for the attack to work we would need potentially unbounded byte arrays. Of course, the safest thing would probably be switching Kernel#hash to SipHash, too. I'm not sure to what extent this would affect performance. Maybe we could follow the JRuby approach - MurmurHash was replaced with Perl's hash, with the option to switch to SipHash on demand (@headius - this is correct?). Jean-Philippe confirmed that Perl's hash has not been broken (yet), but it's not unlikely that this could happen in the future. Since we already have SipHash in CRuby, it would be relatively easy to do the same thing, I guess. Another upshot would be that Perl's hash is faster than MurmurHash, too. What do you think? So maybe those who need stable hashes should implement #stable_hash > methods, and if it turns out that this is used often, we can add it to Ruby > itself. > > I like the idea. It is stated in the docs [5] that nobody should assume the values to be consistent across VM boundaries, doing otherwise would clearly violate this contract. -Martin [5] http://www.ruby-doc.org/core-2.0/Object.html#method-i-hash