Author sbt
Recipients jbrearley, sbt
Date 2013-01-13.19:56:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1358106995.42.0.980699350211.issue16920@psf.upfronthosting.co.za>
In-reply-to
Content
> If someone used regular sockets deliberately, they could crash
> multiprocessing server code deliberately. Any chance of doing a real message
> length check against the embedded message length check?

You can do

    message = conn.recv_bytes(maxlength)

if you want a length check -- OSError will be raised if the message is too long.

But Listener() and Client() are *not* replacements for the normal socket API and I would not really advise using them for communication over a network.  They are mostly used internally by multiprocessing -- and then only with digest authentication.

All processes in the same program inherit the same randomly generated authentication key -- current_process().authkey.  If you create a listener by doing

    listener = Listener(address, authenticate=True)

then other processes from the same program can connect by doing

    conn = Client(address, authenticate=True)

Without knowing the correct authentication key it is not possible to connect and do a DOS like you describe.
History
Date User Action Args
2013-01-13 19:56:35sbtsetrecipients: + sbt, jbrearley
2013-01-13 19:56:35sbtsetmessageid: <1358106995.42.0.980699350211.issue16920@psf.upfronthosting.co.za>
2013-01-13 19:56:35sbtlinkissue16920 messages
2013-01-13 19:56:34sbtcreate