Mar 5, 2020 19:54:49 Michael Jones :

> The flip side here is that rpcd likes to crash a lot.

0 (zero) bugs found https://bugs.openwrt.org/index.php?string=rpcd

> By preventing automatic restarts, you're all but ensuring that users will 
> experience denial-of-service, even in the absence of malicious traffic.

Default respawn retry value was 5, now is infinite and this patch restores it 
back to 5 respawns.

> Is rpcd subject to fuzz testing, to discover potential security issues

Not yet, it's planned. It's just one of the methods, you'll never be 100% sure 
anyway.

> that makes limiting the restarts attractive?

"Any remote service which crashes is potentially exploitable; we have to assume 
so, until we see the specific way it fails." -- Theo, OpenBSD

Recent real-world example from 36c3 in my previous email 
http://lists.infradead.org/pipermail/openwrt-devel/2020-March/022014.html


