asyncore DoS vulnerability

billie gnewsg at gmail.com
Sat Feb 3 14:58:23 EST 2007


On 2 Feb, 17:09, "Chris Mellon" <arka... at gmail.com> wrote:

> That's like asking why you should have to move your fingers to type or
> why you should have to eat food in order to not starve. Windows is
> placing a limit of 512 descriptors per process. Call Microsoft if you
> want to go over that.

?
That's not a select() problem: that's an asyncore problem.
I'm just saying that asyncore should handle this event in some other
way than raising a not well defined "ValueError".
I've discovered this problem accidentally by writing a small test
script but personally I've never seen a paper describing it.
Not handling such a problem just means that an asyncore based server
is vulnerable to DoS attacks and I believe that a lot of servers out
there didn't use a try/except statement around "asyncore.loop()".
imho, such a problem should merit some attention.
Don't you agree?
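
Added example, not part of the original post and not asyncore's own code: one way a select()-based server loop can avoid the failure discussed in this message, by refusing connections past a cap and surviving the ValueError instead of exiting. `serve_step` and `MAX_CLIENTS` are hypothetical names, the cap value is an assumption, and the sketch calls select() directly rather than going through asyncore.

```python
import select
import socket

# Assumed cap, kept well under the 512-descriptor limit cited in the quoted reply.
MAX_CLIENTS = 256


def serve_step(listener, clients, max_clients=MAX_CLIENTS, timeout=0.5):
    """Run one select() pass and report what happened instead of crashing."""
    try:
        readable, _, _ = select.select([listener] + clients, [], [], timeout)
    except ValueError:
        # select() rejected the descriptor set (too many, or out of range).
        # Shed the most recently added client so the remaining ones keep service.
        if clients:
            clients.pop().close()
        return "shed"

    status = "idle"
    if listener in readable:
        conn, _addr = listener.accept()
        if len(clients) >= max_clients:
            # Refuse early so the select() set never grows to the hard limit.
            conn.close()
            status = "refused"
        else:
            conn.setblocking(False)
            clients.append(conn)
            status = "accepted"

    for sock in readable:
        if sock is listener:
            continue
        try:
            data = sock.recv(4096)
        except OSError:
            data = b""
        if not data:
            # Peer closed or errored: release the descriptor promptly.
            clients.remove(sock)
            sock.close()
    return status
```

A caller would invoke `serve_step` in a `while True:` loop and log every "refused" or "shed" result, since a sustained run of either is the signal that descriptors are being exhausted.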



