From: Christopher Kohlhoff (chris_at_[hidden])
Date: 2005-10-04 16:35:31
Hi Dick,
--- BRIDGES Dick <Dick.Bridges_at_[hidden]> wrote:
> No. SO_REUSEADDR does increase the attack surface. Not a lot and
> less
> now than in the past but IMHO there's no point in helping the bad
> guys
> even a little bit if it's not required. Besides, I doubt all that
> many
> people would find it useful. My mumbling was aimed more toward
> myself
> than anything else - I have written a fair amount of "server" code
> and
> should have developed better habits by now. ;)
I just checked my copy of Unix Network Programming Vol. 1 and it does
recommend always setting the SO_REUSEADDR option (even though it notes
the security issue).
> Hmmm. The copy of the library I downloaded on 14 September doesn't
> have socket_acceptor::reuse_address and linux.softpedia.com says the
> last update was 5 September. I used stream_socket::reuse_address
> instead and that worked. Is there a newer version of the library
> somewhere else?
There's the version I'm working on in sourceforge CVS, which is what I
had based my answer on, sorry.
> I would like to see this initialization code pushed back down into
> the acceptor. Maybe something along the lines of an "option_policy",
> but I can't come up with anything to suggest that isn't more trouble
> than it's worth.
Yeah, these sort of options might somehow be associated with the
protocol, since I can see different protocols (e.g. UNIX domain
sockets, Bluetooth RFCOMM, etc) needing different defaults. I might
leave this until asio gets more use in other types of socket to see
what can be made reusable.
Cheers,
Chris