Hi, 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant < ke...@darbyshire-bryant.me.uk>:
> This patch stops SIGHUP from enabling dnssec timechecks if disabled by > use of --dnssec-no-timecheck option. --dnssec-timestamp continues to > work correctly. > I haven't really followed the previous discusion, but maybe you can just use another signal? > > Enabling dnssec timechecks now requires restarting dnsmasq without > the --dnssec-no-timecheck configuration option and closes a > potential denial of service exploit by sending SIGHUP when system > time does not correspond with Internet time. > > > This change may be useful for future ntpd/dnsmasq hotplug integration. > > > Signed-off-by: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> > --- > .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch | 13 > +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 > package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch > >
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
