On 06/28/18 18:04, Dan Stromberg wrote:
[snip]
Start an echo server process P that listens on tcp/5555.

Initiate a connection from a client machine to process P at tcp/5555. It
works as expected.

Kill P.

Initiate a connection from a client machine to process P at tcp/5555.  It
gives a connection refused as expected.

If someone else comes along soon after and starts a different echo server
process Q at tcp/5555 on the same server, it starts up immediately if P
used SO_REUSEADDR.

Then initiate a connection from the same (or different) client machine to
process P (which no longer exists).  Q gets the data intended for P.



There are all sorts of theoretical vulnerabilities that simply don't manifest in real life.  I think this is one of them.

Me: "It hurts when I do this."  Doctor: "Well, don't do that."

-Jim

--
https://mail.python.org/mailman/listinfo/python-list
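
The sequence quoted at the top of this message, as an added example that is not code from either poster: P and Q are simulated as two listening sockets in one process on loopback, and a kernel-chosen port stands in for tcp/5555 (both are assumptions of the example). It also tries Q without SO_REUSEADDR, which on Linux is refused with EADDRINUSE while P's old connection sits in TIME_WAIT.

```python
import errno
import socket


def listener(port=0, reuse=True):
    """Bind and listen on loopback; port 0 lets the kernel pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("127.0.0.1", port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s


def echo_once(srv, payload):
    """Connect a client to srv and echo one message; the server closes first."""
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    cli.sendall(payload)
    conn.sendall(conn.recv(1024))
    reply = cli.recv(1024)
    conn.close()      # active close by the server: its side ends up in TIME_WAIT
    cli.recv(1024)    # returns b"" once the server's FIN has arrived
    cli.close()
    return reply


def run_scenario():
    p = listener(reuse=True)                  # "P" (constructed stand-in)
    port = p.getsockname()[1]
    first = echo_once(p, b"for P")
    p.close()                                 # "kill P"
    try:                                      # a Q that does not set SO_REUSEADDR
        listener(port, reuse=False).close()
        strict = "bound"
    except OSError as exc:
        strict = errno.errorcode.get(exc.errno, str(exc.errno))
    q = listener(port, reuse=True)            # "Q" with SO_REUSEADDR binds at once
    second = echo_once(q, b"still for P")     # client believes it is talking to P
    q.close()
    return first, strict, second


if __name__ == "__main__":
    print(run_scenario())
```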
