Hide Forgot
+++ This bug was initially created as a clone of Bug #812398 +++ The latest version of Python supports hash randomization. http://mail.python.org/pipermail/python-list/2012-April/1290792.html For webapps deployed with mod_wsgi, it's not trivial to enable this feature to secure your webapp. I first attemped to enable this feature by modifying apache's init script (https://fedorahosted.org/fedora-infrastructure/ticket/3169). This approach is not ideal, because it adds Python-specific options to the Apache init script, which tends to be distro-specific anyway. The ideal solution is to add an option to mod_wsgi that allows the user to enable hash randomization. I wrote a patch that adds a WSGIHashSeed option, and sent it upstream. https://groups.google.com/d/msg/modwsgi/TFJYMJ30Q7w/I4C8JhUv8ScJ SRPM with patch: http://lmacken.fedorapeople.org/rpms/mod_wsgi-3.3-3.fc18.src.rpm
Any idea why adding PYTHONHASHSEED=random to /etc/sysconfig/httpd is not sufficient?
(In reply to Joe Orton from comment #2) > Any idea why adding PYTHONHASHSEED=random to /etc/sysconfig/httpd is not > sufficient? It is sufficient, but not ideal. I'm fine with closing out this bug if you would like, but we're still shipping very old mod_wsgi in RHEL7, which has a proper configuration directive for this.