[OpenWrt-Devel] Security implications for consideration [Was: Re: [openwrt/openwrt] rpcd: add respawn param]

Florian Eckert fe at dev.tdt.de
Wed Mar 4 05:50:15 EST 2020


Hi Petr

thanks for your investigation

> I simply would like to bring one important aspect for consideration.
> 
> By respawning any network facing service indefinitely we're giving 
> adversary
> infinite attempts for figuring out the way in, decreasing the purpose 
> of
> (expensive) ASLR etc. See "Remotely Compromising an iPhone through
> iMessage"[1] (48:41) for real world example.
> 
> I think, that the previous default (max 5 restarts?) was good enough, 
> ideally
> the timeout should be exponential in between those 5 restarts and I 
> wouldn't
> mind if the restart count was set to 0 by default.
> 
>> diff --git a/package/system/rpcd/files/rpcd.init 
>> b/package/system/rpcd/files/rpcd.init
>> index 77ebcbe6cb..b1061b906c 100755
>> --- a/package/system/rpcd/files/rpcd.init
>> +++ b/package/system/rpcd/files/rpcd.init
>> @@ -12,6 +12,7 @@ start_service() {
>> 
>>  	procd_open_instance
>>  	procd_set_param command "$PROG" ${socket:+-s "$socket"} 
>> ${timeout:+-t "$timeout"}
>> +	procd_set_param respawn ${respawn_retry:-0}
> 
> IMHO this is probably not correct as well, that respawn param is 
> "array" of
> [threshold, timeout, retry] params, so this probably sets 
> `respawn_threshold` to
> 0, not `respawn_retry` as intended.

I was not aware of the fact that all parameters must be given!
Sorry for that my fault!

If so I would suggest to change change the line to:

procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} 
${respawn_retry:-5}

> 
> 1.
> https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage
> 
> -- ynezz
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list