[OpenWrt-Devel] [PATCH] rpcd: fix respawn settings

Michael Jones mike at meshplusplus.com
Thu Mar 5 15:00:29 EST 2020 

On Thu, Mar 5, 2020 at 1:41 PM Petr Štetiar <ynezz at true.cz> wrote:

>
>
> Mar 5, 2020 19:54:49 Michael Jones :
>
> > The flip side here is that rpcd likes to crash a lot.
>
> 0 (zero) bugs found https://bugs.openwrt.org/index.php?string=rpcd


Saying there are zero bugs on a bug tracker where issues go to be ignored
is not a convincing argument.

rpcd crashes for me daily, to the point where i have a script that restarts
it every 5 minutes.

It also gets hung a lot without crashing, and stops serving responses to
ubus traffic.

This is *only* with the UCI plugin, mind you. I don't use any of the other
ones.

If I create a bug report on flyspray, will it actually be looked at? Or
will I be talking to myself?

OpenWRT has a well-deserved reputation for user originated bug reports and
requests for help going ignored. I've asked dozens of questions over the
years on the forums that received no answer, and I've filed bugs that were
still open with no feedback from anyone, last I bothered to check (Note:
Not many of them have this email associated. I've worked many jobs that
involved openwrt in some way)

Note: I don't have any animosity about this. Volunteers are volunteers, I'm
not expecting anyone to do anything. I'm just saying that that's not a
valid argument unless or until the OpenWRT community engagement improves to
the point where the bug tracker and forum stop being echo chambers. Will
that happen? I don't know. Should it happen? I don't know.


> By preventing automatic restarts, you're all but ensuring that users will
> experience denial-of-service, even in the absence of malicious traffic.
>
> Default respawn retry value was 5, now is infinite and this patch restores
> it back to 5 respawns.
>

Right, which means that you're re-introducing the
denial-of-service-in-the-absence-of-traffic problem. I'm not saying that's
the wrong thing to do.

>
> > Is rpcd subject to fuzz testing, to discover potential security issues
>
> Not yet, it's planed. It's just one of the methods, you'll never be 100%
> sure anyway.
>

How can I help?

I don't accept that you can't be 100% certain. Tools like
https://klee.github.io/ can get you so close to 100% certainty that it's
effectively 100%.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20200305/ae29565e/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list