csd-wrapper timeout 30 seconds

Daniel Lenski dlenski at gmail.com
Mon Jun 22 13:58:09 EDT 2020


I added that timeout in
https://gitlab.com/openconnect/openconnect/-/commit/cb83e535213ff2132643d2a68c50abc294b43b82

In all the cases I was aware of, the CSD/Trojan binary would either
complete execution fairly quickly and successfulyl (say, 15 seconds
max) or would hang forever. The 30 second timeout was added simply to
ensure that stuck CSD processes doing who-knows-what don't hang around
in the background.

If at all possible, you *shouldn't* be using csd-wrapper.sh, which
executes an untrusted black-box binary from the server, but rather
instead you should use csd-post.sh
(https://gitlab.com/openconnect/openconnect/-/blob/master/trojans/csd-post.sh)
which emulates the typical behavior of that binary.

Dan

On Mon, Jun 22, 2020 at 10:50 AM Grant Williamson <traxtopel at gmail.com> wrote:
>
> Hello All,
> the csd wrapper included with openconnect has a cstub default timeout
> of 30 seconds.
> Any reasons why 30 seconds is the default?
>
> Thanks,
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel



More information about the openconnect-devel mailing list