[OpenWrt-Devel] [PATCH] rpcd: fix respawn settings
Karl Palsson
karlp at tweak.net.au
Thu Mar 5 06:18:02 EST 2020
Petr Štetiar <ynezz at true.cz> wrote:
> Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced
> infinite restarting of the service which could be reached over
> network.
Didn't we already decide that this wasn't the case?
This is not recommended security practice as it might
> give potential adversary infinite number of tries in case there
> might be some issue in the rpcd or its surrounding stack.
Sure, now it's a DoS instead :) It's always a tradeoff, but I
think you're glossing over the tradeoff here.
>
> So lets remove the currently bogus `respawn_retry` variable (it
> wasn't possible to override it anyway), reverting to the
> previous default max. of 5 service restarts which could be now
> overriden via system's UCI settings if desired.
>
> Cc: Jo-Philip Wich <jow at mein.io>
> Cc: Florian Eckert <fe at dev.tdt.de>
> Cc: Hauke Mehrtens <hauke at hauke-m.de>
> Fixes: 432ec292ccc8 ("rpcd: add respawn param")
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
> package/system/rpcd/files/rpcd.init | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/system/rpcd/files/rpcd.init
> b/package/system/rpcd/files/rpcd.init index
> 3e9ea5bbf329..f75d0e0f0eea 100755
> --- a/package/system/rpcd/files/rpcd.init
> +++ b/package/system/rpcd/files/rpcd.init
> @@ -12,7 +12,7 @@ start_service() {
>
> procd_open_instance
> procd_set_param command "$PROG" ${socket:+-s "$socket"} ${timeout:+-t "$timeout"}
> - procd_set_param respawn ${respawn_retry:-0}
> + procd_set_param respawn
> procd_close_instance
> }
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP-digital-signature.html
Type: application/pgp-signature
Size: 1175 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20200305/d391603b/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list