[OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

Etienne Champetier champetier.etienne at gmail.com
Thu Oct 1 06:37:24 EDT 2015


Hi,

2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>:

> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.
>

I haven't really followed the previous discussion,
but maybe you can just use another signal?


>
> Enabling dnssec timechecks now requires restarting dnsmasq without
> the --dnssec-no-timecheck configuration option and closes a
> potential denial of service exploit by sending SIGHUP when system
> time does not correspond with Internet time.
>


>
> This change may be useful for future ntpd/dnsmasq hotplug integration.
>
>
> Signed-off-by: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
> ---
>  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> +++++++++++++
>  1 file changed, 13 insertions(+)
>  create mode 100644
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
>
>