Karl Palsson <ka...@tweak.net.au> [2020-03-05 11:18:02]:
> > Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced
> > infinite restarting of the service which could be reached over
> > network.
>
> Didn't we already decide that this wasn't the case?
< jow> ubus itself has no network transport
< jow> it is reachable via http://.../ubus in case uhttpd-mod-ubus is installed
(not the default) or via http://.../cgi-bin/luci/admin/ubus (default)
< jow> the latter emulates uhttpd-mob-ubus in Lua code
< jow> it takes incoming http requests, parses the body json and invokes ubus
via libubus
I understand this as Yes, it is available over network.
> Sure, now it's a DoS instead :) It's always a tradeoff, but I
> think you're glossing over the tradeoff here.
Secure by default.
-- ynezz
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
