Dan Stromberg <drsali...@gmail.com>:

> [on how SO_REUSEADDR is a security risk]
>
> Start an echo server process P that listens on tcp/5555.
>
> Initiate a connection from a client machine to process P at tcp/5555. It
> works as expected.
>
> Kill P.
>
> Initiate a connection from a client machine to process P at tcp/5555. It
> gives a connection refused as expected.
>
> If someone else comes along soon after and starts a different echo server
> process Q at tcp/5555 on the same server, it starts up immediately if P
> used SO_REUSEADDR.
>
> Then initiate a connection from the same (or different) client machine to
> process P (which no longer exists). Q gets the data intended for P.

Well, the same security issue can be demonstrated without SO_REUSEADDR:

DON'T start an echo server process P that listens on tcp/5555.

Initiate a connection from a client machine to process P at tcp/5555. It
gives a connection refused as expected.

If someone else comes along and starts an echo server process Q at
tcp/5555 on the same server, it starts up immediately.

Then initiate a connection from the same (or different) client machine to
process P (which never existed). Q gets the data intended for P.

The security issue can be real but is not directly related to
SO_REUSEADDR.

Marko
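Both scenarios from this exchange, as an added Python example that is not part of either post. The function names are hypothetical, and a kernel-chosen loopback port stands in for tcp/5555 so the script runs anywhere without colliding with a real service.

```python
import socket

HOST = "127.0.0.1"  # loopback only; ports and payloads below are constructed

def free_port():  # borrow an unused TCP port from the kernel, then release it
    with socket.socket() as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def listen(port, reuseaddr):
    s = socket.socket()
    if reuseaddr:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((HOST, port))
    s.listen(1)
    s.settimeout(2)
    return s

def client_send(port, payload):  # 'refused' if nothing listens, else 'delivered'
    try:
        with socket.create_connection((HOST, port), timeout=2) as c:
            c.sendall(payload)
        return "delivered"
    except ConnectionRefusedError:
        return "refused"

def never_existed_scenario():
    """The reply's variant: P never runs; Q binds WITHOUT SO_REUSEADDR."""
    port = free_port()
    before = client_send(port, b"for P")      # no listener yet
    q = listen(port, reuseaddr=False)         # Q starts immediately
    try:
        after = client_send(port, b"for P")   # lands in Q's accept queue
        conn, _ = q.accept()
        with conn:
            return before, after, conn.recv(1024)
    finally:
        q.close()

def killed_p_scenario(q_reuseaddr):
    """The quoted variant: P serves a client and dies; can Q bind right away?"""
    port = free_port()
    p = listen(port, reuseaddr=True)
    client = socket.create_connection((HOST, port), timeout=2)
    conn, _ = p.accept()
    conn.close(); p.close(); client.close()   # P closes first: TIME_WAIT on its port
    try:
        listen(port, q_reuseaddr).close()
        return True
    except OSError:  # typically EADDRINUSE when Q lacks SO_REUSEADDR
        return False
```

`never_existed_scenario()` returns `("refused", "delivered", b"for P")`: Q receives the data with no SO_REUSEADDR anywhere. The result of `killed_p_scenario(False)` depends on the operating system's TIME_WAIT handling, so it is reported rather than assumed.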