Why does SocketServer default allow_reuse_address = false?
gtcopeland at gmail.com
Wed Mar 7 15:39:05 CET 2007
On Feb 26, 5:54 pm, "Joshua J. Kugler" <jos... at eeinternet.com> wrote:
> Considering that UNIX Network Programming, Vol 1 (by W. Richard Stevens)
> recommends "_All_ TCP servers should specify [SO_REUSEADDR] to allow the
> server to be restarted [if there are clients connected]," and that
> self.allow_reuse_address = False makes restarting a server a pain if there
> were connected clients, why does SocketServer default allow_reuse_address
> to False? It's kind of bemusing to subclass ThreadingTCPServer just to
> change one variable that arguably should have been True in the first place.
> Is there some history to this of which I'm not aware? Is there a good
> reason for it to default to false?

Yes, it is there for a good reason. Security is the primary focus of
that option. If you enable that option, rogue applications can assume
service processing under a number of server failure conditions. In
other words, start your rogue, crash the primary service, and you now
have a rogue service running. Even periodic checks will show the
server is still running. Under a number of other configurations, it
is also possible for the rogue service to simply start and usurp some
types of IP traffic on certain OSs which would otherwise be delivered
to your real server.

Contrary to the book, blindly enabling SO_REUSEADDR is a very, very
bad idea unless you completely understand the problem domain. I'm
sure Stevens does understand so it makes for a good choice for him.
On the other hand, most people don't understand the implications so it
makes for a very, very poor move from a security perspective.

Long story short, it is not a bug. It is a feature. The proper
default is that of the OS, which is to ensure SO_REUSEADDR is disabled
unless you absolutely understand what you're buying by enabling it.
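
An added example, not part of the original post or of Python's own code: a server subclass that states its bind policy explicitly and a helper that reads back which options ended up on the listening socket. It uses `socketserver` (the Python 3 name of SocketServer) and goes beyond the thread by setting SO_EXCLUSIVEADDRUSE on Windows; `EchoHandler`, `DefaultServer`, `ExplicitServer` and `bind_options` are hypothetical names.

```python
import socket
import socketserver
import sys


class EchoHandler(socketserver.BaseRequestHandler):
    """Hypothetical handler: echoes one chunk back to the client."""

    def handle(self):
        data = self.request.recv(1024)
        if data:
            self.request.sendall(data)


class DefaultServer(socketserver.ThreadingTCPServer):
    """Library default: allow_reuse_address is False."""


class ExplicitServer(socketserver.ThreadingTCPServer):
    """Bind policy chosen per platform instead of inherited."""

    allow_reuse_address = False  # options are set by hand in server_bind

    def server_bind(self):
        if sys.platform == "win32":
            # Windows: refuse any second bind to this address and port.
            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
        else:
            # POSIX: allow a restart while old connections sit in TIME_WAIT.
            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        super().server_bind()


def bind_options(server_cls):
    """Bind to an ephemeral loopback port and report the socket options."""
    with server_cls(("127.0.0.1", 0), EchoHandler) as srv:
        sock = srv.socket
        opts = {"SO_REUSEADDR": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR))}
        if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):  # constant exists on Windows only
            opts["SO_EXCLUSIVEADDRUSE"] = bool(
                sock.getsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE))
        return opts


if __name__ == "__main__":
    for cls in (DefaultServer, ExplicitServer):
        print(cls.__name__, bind_options(cls))
```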