FS#1005 - sysupgrade should stop network service #5953
Comments
|
por: Stopping the network would make it harder to investigate a failed sysupgrade ... |
|
pprindeville:
Not really. Sshd and telnetd are stopped, so you can't get in. What's the point of a box that only responds to pings and nothing else? At least with stopping the network, you can be sure that the box won't be DoS'ed or packet-o-death'd halfway through the upgrade. |
|
bjonglez: Actually, responding to ping is already a useful indication: it means that the device is still sysupgrading. When it stops pinging, it means that sysupgrade is done and the device is rebooting. |
|
pprindeville:
There's still the packet-o-death vulnerability. |
pprindeville:
Supply the following if possible:
Applicable to all devices using the generic sysupgrade.
Seen on LEDE head.
To reproduce:
scp over a new .img file
upgrade it as "sysupgrade -v xyzzy.img"
While that's running, you'll be able to ping the router, but if you do an http connection to it, it will be reset.
What would be simpler would be doing a "/etc/init.d/network stop" just after killing off all services (including web servers).
This would make it easier to add scripting which auto-detects when the upgrade has completed by reconnecting after a reasonable wait (and retrying as necessary).
The text was updated successfully, but these errors were encountered: