[devel] hash collision in rpm

Vladimir D. Seleznev vseleznv на altlinux.org
Ср Май 5 17:11:05 MSK 2021


On Wed, May 05, 2021 at 08:40:27AM +0300, Alexey Tourbin wrote:
> [skip]
> 
> So the expected number of collisions for short versions is smaller,
> but we have two of them. By the linearity of expectation, the birthday
> collision rate is the same. (This generally shows that it is pointless
> to split a long set-version into a few shorter ones, under any classes
> of equivalence on symbols such as ELF ABI tags. Counterintuitively,
> you can't fight birthday collisions by partitioning, unless you also
> increase the output length. So doing separate set-versions for
> libfoo.so.0(FOO_1.0) and libfoo.so.0(FOO_1.1) is not necessarily a
> good idea, we can just as well hash sym на FOO_1.0 and sym на FOO_1.1 and
> package them into a single version.)

Unfortunately, the symbol resolution is very flexible (some treat it as
an advantage), so the dynamic linker can resolve sym на FOO_1.0 as sym and
vice versa. That makes almost no point to hash symbols with their
versions.

-- 
   WBR,
   Vladimir D. Seleznev


Подробная информация о списке рассылки Devel