[OpenWrt-Devel] [PATCH] rpcd: fix respawn settings

Michael Jones mike at meshplusplus.com
Thu Mar 5 13:54:13 EST 2020


On Thu, Mar 5, 2020 at 5:35 AM Petr Štetiar <ynezz at true.cz> wrote:

> Karl Palsson <karlp at tweak.net.au> [2020-03-05 11:18:02]:
>
> > > Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced
> > > infinite restarting of the service which could be reached over
> > > network.
> >
> > Didn't we already decide that this wasn't the case?
>
> < jow> ubus itself has no network transport
> < jow> it is reachable via http://.../ubus in case uhttpd-mod-ubus is
> installed (not the default) or via http://.../cgi-bin/luci/admin/ubus
> (default)
> < jow> the latter emulates uhttpd-mod-ubus in Lua code
> < jow> it takes incoming http requests, parses the body json and invokes
> ubus via libubus
>
> I understand this as Yes, it is available over network.
>
> > Sure, now it's a DoS instead :) It's always a tradeoff, but I
> > think you're glossing over the tradeoff here.
>
> Secure by default.
>
> -- ynezz
>
>
The flip side here is that rpcd likes to crash a lot.

By preventing automatic restarts, you're all but ensuring that users will
experience denial-of-service, even in the absence of malicious traffic.

Is rpcd subject to fuzz testing, to discover potential security issues that
make limiting the restarts attractive?