logging.config.listen(port=DEFAULT_LOGGING_CONFIG_PORT, verify=None)
Starts up a socket server on the specified port, and listens for new configurations. If no port is specified, the module’s default DEFAULT_LOGGING_CONFIG_PORT
is used. Logging configurations will be sent as a file suitable for processing by fileConfig()
. Returns a Thread
instance on which you can call start()
to start the server, and which you can join()
when appropriate. To stop the server, call stopListening()
.
The verify
argument, if specified, should be a callable which should verify whether bytes received across the socket are valid and should be processed. This could be done by encrypting and/or signing what is sent across the socket, such that the verify
callable can perform signature verification and/or decryption. The verify
callable is called with a single argument - the bytes received across the socket - and should return the bytes to be processed, or None to indicate that the bytes should be discarded. The returned bytes could be the same as the passed in bytes (e.g. when only verification is done), or they could be completely different (perhaps if decryption were performed).
To send a configuration to the socket, read in the configuration file and send it to the socket as a string of bytes preceded by a four-byte length string packed in binary using struct.pack('>L', n)
.
Note
Because portions of the configuration are passed through eval()
, use of this function may open its users to a security risk. While the function only binds to a socket on localhost
, and so does not accept connections from remote machines, there are scenarios where untrusted code could be run under the account of the process which calls listen()
. Specifically, if the process calling listen()
runs on a multi-user machine where users cannot trust each other, then a malicious user could arrange to run essentially arbitrary code in a victim user’s process, simply by connecting to the victim’s listen()
socket and sending a configuration which runs whatever code the attacker wants to have executed in the victim’s process. This is especially easy to do if the default port is used, but not hard even if a different port is used). To avoid the risk of this happening, use the verify
argument to listen()
to prevent unrecognised configurations from being applied.
Changed in version 3.4.: The verify
argument was added.
Please login to continue.