[OpenWrt-Devel] Security implications for consideration [Was: Re: [openwrt/openwrt] rpcd: add respawn param]
Petr Štetiar
ynezz at true.cz
Wed Mar 4 06:45:55 EST 2020
Mar 4, 2020 12:08:18 Florian Eckert :
> Hi Petr
>
> thanks for your investigation
>
>
> > I simply would like to bring one important aspect for consideration.
> >
> > By respawning any network facing service indefinitely we're giving
> > adversary
> > infinite attempts for figuring out the way in, decreasing the purpose
> > of
> > (expensive) ASLR etc. See "Remotely Compromising an iPhone through
> > iMessage"[1] (48:41) for real world example.
> >
> > I think, that the previous default (max 5 restarts?) was good enough,
> > ideally
> > the timeout should be exponential in between those 5 restarts and I
> > wouldn't
> > mind if the restart count was set to 0 by default.
> >
> >
> > > diff --git a/package/system/rpcd/files/rpcd.init
> > > b/package/system/rpcd/files/rpcd.init
> > > index 77ebcbe6cb..b1061b906c 100755
> > > --- a/package/system/rpcd/files/rpcd.init
> > > +++ b/package/system/rpcd/files/rpcd.init
> > > @@ -12,6 +12,7 @@ start_service() {
> > >
> > > procd_open_instance
> > > procd_set_param command "$PROG" ${socket:+-s "$socket"}
> > > ${timeout:+-t "$timeout"}
> > > + procd_set_param respawn ${respawn_retry:-0}
> > >
> >
> > IMHO this is probably not correct as well, that respawn param is
> > "array" of
> > [threshold, timeout, retry] params, so this probably sets
> > `respawn_threshold` to
> > 0, not `respawn_retry` as intended.
> >
>
> I was not aware of the fact that all parameters must be given!
> Sorry for that my fault!
>
> If so I would suggest to change change the line to:
>
> procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5}
> ${respawn_retry:-5}
I barely remember seeing such defaults in
https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/system/procd/files/procd.sh;h=e8b1b6ffb7d3bf09725c2451813ca69fb4d74372;hb=HEAD#l395
>
>
> >
> > 1.
> > https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage
> >
> > -- ynezz
> >
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel at lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> >
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list