If the RPC server does not bind first there exists a race condition between malware and bitcoind to bind to the port and recieve a cookie request from external application.
This test relies on the order of log messages, which may (I don't know) be slightly brittle. However because both InitHTTPServer() and StartHTTPRPC() are called in single-threaded series from within AppInitServers() it should work well enough.
This allows specification that log entries should be detected in the
order they are passed in through their argument list.
If we don't bind before creating the authentication cookie a race
condition exists where malware could restart the node, bind to the RPC
port and read the current cookie before bitcoind binds.
<!--e57a25ab6845829454e8d69fc972939a-->
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
<!--021abf342d371248e50ceaed478a90ca-->
See the guideline for information on the review process. A summary of reviews will appear here.
<!--174a7506f384e20aa4161008e828411d-->
No conflicts as of last run.
The feature request didn't seem to attract much attention in the past. Also, the issue seems not important enough right now to keep it sitting around idle in the list of open issues.
Closing due to lack of interest. Pull requests with improvements are always welcome.
Is this related to CVE-2018-20587?
@achow101 This appears to be a security fix, not a feature request :|
Edit: This doesn't fix anything, just tests for correct behaviour.