Original bug ID: 111
Reporter: administrator
Status: closed
Resolution: fixed
Priority: normal
Severity: feature
Category: ~DO NOT USE (was: OCaml general)

Bug description

Hello,

is it out of security concerns that the socket option "SO_REUSEADDR" is not
set on the socket created by "Unix.establish_server"?

The problem is that terminating such a server and starting it again
immediately will fail for a while with "EADDRINUSE", because the system
waits for possible further packets in the network even after having closed
the socket. Setting the option gets rid of the problem, but might be a
security problem when the server is bound to the "any"-address - another
program could bind to and steal specific addresses.

Maybe it would be a good idea to add an argument that sets the option if
needed?

This problem (bind unexpectedly fails) might be a bit confusing for people
without previous experience with TCP/IP. A short hint in the documentation
would surely be helpful.

Best regards,
Markus Mottl
--
Markus Mottl, mottl@miss.wu-wien.ac.at, http://miss.wu-wien.ac.at/~mottl

> is it out of security concerns that the socket option "SO_REUSEADDR" is not
> set on the socket created by "Unix.establish_server"?

It's just an oversight. Now that you mention it, I'd be tempted to
put SO_REUSEADDR systematically, like I do in most of my network
programs.

> Setting the option gets rid of the problem, but might be a
> security problem when the server is bound to the "any"-address - another
> program could bind to and steal specific addresses.

Interesting. I can't remember seeing a discussion of the security
implications of REUSEADDR. Do you have any references?
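
The restart failure and the optional argument proposed in the report, as an added example that is not part of the original thread or of OCaml's Unix library: `listen_on`, its `?reuseaddr` argument and `restart_works` are hypothetical names. It binds to the loopback address rather than the "any" address, has the server side close a connection first so that the port stays occupied, and then retries the bind on the same port.

```ocaml
(* Added example; link with the unix library. All function names are hypothetical. *)

(* Create a listening TCP socket. ~reuseaddr plays the role of the optional
   argument proposed in the report; the option must be set before bind. *)
let listen_on ?(reuseaddr = false) addr port =
  let s = Unix.socket Unix.PF_INET Unix.SOCK_STREAM 0 in
  try
    if reuseaddr then Unix.setsockopt s Unix.SO_REUSEADDR true;
    Unix.bind s (Unix.ADDR_INET (addr, port));
    Unix.listen s 5;
    s
  with e -> Unix.close s; raise e

(* Port chosen by the kernel when the socket was bound to port 0. *)
let port_of s =
  match Unix.getsockname s with
  | Unix.ADDR_INET (_, p) -> p
  | Unix.ADDR_UNIX _ -> invalid_arg "port_of"

(* One server lifetime followed by an immediate restart on the same port.
   Returns false when the second bind fails with EADDRINUSE. *)
let restart_works ~reuseaddr =
  let lo = Unix.inet_addr_loopback in
  let srv = listen_on ~reuseaddr lo 0 in
  let port = port_of srv in
  let cli = Unix.socket Unix.PF_INET Unix.SOCK_STREAM 0 in
  Unix.connect cli (Unix.ADDR_INET (lo, port));
  let conn, _ = Unix.accept srv in
  (* The server closes first (active close), so the lingering connection
     state is tied to the server's port, not the client's ephemeral port. *)
  Unix.close conn;
  ignore (Unix.read cli (Bytes.create 1) 0 1); (* client waits for EOF *)
  Unix.close cli;
  Unix.close srv;
  match listen_on ~reuseaddr lo port with
  | s -> Unix.close s; true
  | exception Unix.Unix_error (Unix.EADDRINUSE, _, _) -> false

let () =
  Printf.printf "restart without SO_REUSEADDR: %b\n"
    (restart_works ~reuseaddr:false);
  Printf.printf "restart with SO_REUSEADDR:    %b\n"
    (restart_works ~reuseaddr:true)
```

The same flag is applied to both server lifetimes because some systems, Linux among them, only permit the rebind when the earlier socket had the option set as well.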