asyncore DoS vulnerability

Jean-Paul Calderone exarkun at divmod.com
Fri Feb 2 11:52:30 EST 2007


On Fri, 2 Feb 2007 10:39:57 -0600, skip at pobox.com wrote:
>
>    billie> asyncore aims to be a framework, right?  I think that when
>    billie> select() limit is reached asyncore should just drop other
>    billie> connections. That's all.
>
>You're asking asyncore to make a policy decision on behalf of the controlling
>application.  It has no idea what that application wants to do when the open
>file limit is reached.  Maybe it should close the oldest connection instead
>of refusing all new ones.  Maybe it should adjust the rate at which it
>accepts new connections.  asyncore doesn't know.

It could ask the application.  On the other hand, maybe asyncore remains in
a perfectly consistent state even after it raises this exception, and it is
already "asking" by letting this exception propagate up: if the application
is free to start the loop again after this happens, then it seems everything
is just fine; if some state becomes inconsistent, though, then asyncore should
probably do something more (assuming asyncore applications are supposed to be
able to be resistant to this kind of DoS).

Still, this basically means every asyncore-based server can be shut down more
or less at the whim of the public internet.  Doesn't that problem merit some
attention (maybe it doesn't, I don't know - that's why I'm asking)?

Jean-Paul
