Gregory Ewing <greg.ew...@canterbury.ac.nz>:

> Dan Stromberg wrote:
>> On Thu, Jun 28, 2018 at 10:30 PM, Marko Rauhamaa <ma...@pacujo.net> wrote:
>>
>>>Well, the same security issue can be demonstrated without
>>>SO_REUSEADDR:
>>>
>>>The security issue can be real but is not directly related with
>>>SO_REUSEADDR.
>>
>> Yes, it can. It just takes longer.
>
> I don't see how the address-reuse timeout can be a security measure,
> because the process trying to take over the address can easily
> circumvent it by setting SO_REUSEADDR.

The address reuse timeout (TIME WAIT) is only used to deal with a "Byzantine generals" loophole in the TCP protocol. Its purpose is to guarantee that both peers end up with a common understanding of the final state of the connection.

Nevertheless, the later socket object cannot unilaterally take over a socket using SO_REUSEADDR. The earlier socket object must have set the same option previously.

Marko

-- 
https://mail.python.org/mailman/listinfo/python-list
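
Added example, not part of the original thread: a Python probe of how the local TCP stack answers a second bind() to an address that is already bound, with and without SO_REUSEADDR on the earlier socket. The loopback address, the function names and the case labels are assumptions of this example, and the results depend on the operating system it runs on.

```python
import errno
import socket


def try_second_bind(first_reuse, first_listens, second_reuse=True):
    """Bind one socket to a loopback port, then try to bind a second to it.

    Returns "bound" if the second bind() succeeded, otherwise the errno name.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if first_reuse:
            first.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        first.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        if first_listens:
            first.listen(1)
        addr = first.getsockname()

        if second_reuse:
            second.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            second.bind(addr)
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
        return "bound"
    finally:
        first.close()
        second.close()


def probe():
    """Run the four combinations; the second socket always sets SO_REUSEADDR."""
    return {
        "first plain, idle": try_second_bind(False, False),
        "first plain, listening": try_second_bind(False, True),
        "first reuse, idle": try_second_bind(True, False),
        "first reuse, listening": try_second_bind(True, True),
    }


if __name__ == "__main__":
    for case, result in probe().items():
        print(f"{case:24} -> {result}")
```
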