Petr Štetiar <yn...@true.cz> wrote:
> Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced
> infinite restarting of the service which could be reached over
> network.
Didn't we already decide that this wasn't the case?
This is not recommended security practice as it might
> give potential adversary infinite number of tries in case there
> might be some issue in the rpcd or its surrounding stack.
Sure, now it's a DoS instead :) It's always a tradeoff, but I
think you're glossing over the tradeoff here.
>
> So lets remove the currently bogus `respawn_retry` variable (it
> wasn't possible to override it anyway), reverting to the
> previous default max. of 5 service restarts which could be now
> overriden via system's UCI settings if desired.
>
> Cc: Jo-Philip Wich <j...@mein.io>
> Cc: Florian Eckert <f...@dev.tdt.de>
> Cc: Hauke Mehrtens <ha...@hauke-m.de>
> Fixes: 432ec292ccc8 ("rpcd: add respawn param")
> Signed-off-by: Petr Štetiar <yn...@true.cz>
> ---
> package/system/rpcd/files/rpcd.init | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/system/rpcd/files/rpcd.init
> b/package/system/rpcd/files/rpcd.init index
> 3e9ea5bbf329..f75d0e0f0eea 100755
> --- a/package/system/rpcd/files/rpcd.init
> +++ b/package/system/rpcd/files/rpcd.init
> @@ -12,7 +12,7 @@ start_service() {
>
> procd_open_instance
> procd_set_param command "$PROG" ${socket:+-s "$socket"} ${timeout:+-t
> "$timeout"}
> - procd_set_param respawn ${respawn_retry:-0}
> + procd_set_param respawn
> procd_close_instance
> }
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
OpenPGP-digital-signature.html
Description: OpenPGP Digital Signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
