It seems that on resource-constrained routers, it's possible to execute a non-critical denial of service attack against the router simply by opening multiple TCP queries to dnsmasq, which then forks for each TCP connection up to MAX_PROCS times, resulting in the oom-killer being invoked after the router runs out of memory. One could imagine a malicious app or shell script constantly spawning new TCP connections and keeping the router out of memory as a result.

This problem came to light on the OpenWrt forum as a user had a taxi booking app that opened multiple TCP connections to dnsmasq. A simple patch to add a long-form configuration option "-max-procs=<number>" to dnsmasq that allows MAX_PROCS to be overridden at runtime fixed the user's problem.

Not sure if this is the best way of dealing with the problem, but wanted to bring this to the list's attention.

Ian
[Attachment: 200-max-procs.patch]
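As an added illustration (not part of the post above and not dnsmasq's own code), here is a small check a router admin could run to see how close dnsmasq is to the fork limit the message describes. It counts dnsmasq processes whose parent is itself dnsmasq, i.e. the per-TCP-query workers, and warns when they approach MAX_PROCS (20 in dnsmasq's config.h unless the build changed it). The ps snapshot is constructed for the offline demo; on a live router the assumption is a ps that supports "-o pid,ppid,comm".

```shell
#!/bin/sh
# Count dnsmasq's per-TCP-query worker processes (children whose parent is
# the main dnsmasq) from a ps snapshot and warn when they approach the
# compiled-in MAX_PROCS limit. Assumes ps supports "-o pid,ppid,comm".

# Constructed ps snapshot for the offline demo (not captured from a real
# router): main dnsmasq is pid 1234, with four forked TCP worker children.
SAMPLE_PS='  PID  PPID COMMAND
    1     0 procd
 1234     1 dnsmasq
 2001  1234 dnsmasq
 2002  1234 dnsmasq
 2003  1234 dnsmasq
 2004  1234 dnsmasq
 3000     1 uhttpd'

# Compiled-in default from dnsmasq's config.h; adjust if your build differs.
DNSMASQ_MAX_PROCS=20

# count_dnsmasq_children PS_TEXT
# Prints how many dnsmasq processes have a parent that is also dnsmasq.
count_dnsmasq_children() {
    printf '%s\n' "$1" | awk '
        $3 == "dnsmasq" { is_dnsmasq[$1] = 1; parent[$1] = $2 }
        END {
            n = 0
            for (p in is_dnsmasq) if (parent[p] in is_dnsmasq) n++
            print n
        }'
}

# check_fork_pressure CHILDREN LIMIT
# Exit 0 while CHILDREN is below 80% of LIMIT (integer math for busybox sh).
check_fork_pressure() {
    [ $(($1 * 10)) -lt $(($2 * 8)) ]
}

# report PS_TEXT: one-line summary suitable for cron or logger.
report() {
    n=$(count_dnsmasq_children "$1")
    if check_fork_pressure "$n" "$DNSMASQ_MAX_PROCS"; then
        echo "dnsmasq TCP workers: $n/$DNSMASQ_MAX_PROCS (ok)"
    else
        echo "dnsmasq TCP workers: $n/$DNSMASQ_MAX_PROCS (WARNING: near MAX_PROCS)"
    fi
}

# Offline demo on the constructed snapshot; on a router use:
#   report "$(ps -o pid,ppid,comm)"
report "$SAMPLE_PS"
```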
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss