[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Real-World Impact of Hash DoS in Lua
- From: Natanael Copa <natanael.copa@...>
- Date: Tue, 31 Jan 2012 13:28:45 +0100
sorry late reply....
On Wed, Jan 25, 2012 at 11:26 PM, Roberto Ierusalimschy
<roberto@inf.puc-rio.br> wrote:
>> OK. Cool. This is a showstopper for the company I am working with for
>> rolling out embedded Lua with nginx. Is there anything I can do to help?
>
> what it is still missing now is how to create the initial per-state
> random seed. Suggestions included some address and arc4random. I am
> afraid that, for the backup ANSI implementation, we cannot do much
> better than something like this:
>
> seed = (unsigned int)time() + (unsigned int)L;
>
> We can have better implementations for particular system. For instance,
> we can use arc4random if present, but how to detect it? Are there any
> other suggestions?
Other projects normally use configure scripts and options to
detect/configure things like that.
How about something like:
make configure
will generate a config.mk file which holds the different variables:
HAVE_ARC4RANDOM=1
And then in Makefile you have:
-include config.mk
That way you can:
* configure the build by editing config.mk
* build it without config.mk, use defaults but still override. for example:
make HAVE_ARC4RANDOM=1
* run make configure to autodetect stuff
I think GNU make is needed for the "-include config.mk"
Other option is to write a configure shell script that can be run
optionally. (similar to what qemu does)
--
Natanael Copa
