Improved clarity of dependencies by adding example of how to install dependencies using apt-get. It was not clear whether `autoreconf -i` would install the dependencies or not. And how to install the dependencies if a user doesn't know how.
In this case it doesn't, since the function is only used for config
parsing (I hope). Add the check to prevent a memory leak, just in
case this changes in the future.
TODO: Option parsing functions should really be moved elsewhere and
renamed appropriately, like set_opt_kernel() or config_set_kernel(),
if config parsing is to remain as-is. It will probably change
drastically, so leaving as-is for now.
This reverts commit 8dd1c2d4af.
Introduced a security bug: since CCAN/opt is used to parse the JSON
config (something it is not meant to do), it was possible to specify
the default of
"api-listen":false
in .conf and expect the API to be disabled. However, since CCAN/opt
does not check for parameters to OPT_WITHOUT_ARG, this got set to
true anyway, and enabled the API on a (possibly unfirewalled) network.
For this reason, configuration options are not named uniformly.
This should have been reverted as soon as it became known:
4c4b909be6 (Fri Feb 28)
Sorry for that.
It looks like there's an exploit that abuses said command, but it is still not clear exactly how.
There's also an additional message when the reconnect happens: "WARNING: POTENTIAL CLIENT.EXPLOIT!", but it requires you to be actively monitoring your log to catch it, and in which case you already get a "Reconnect requested from Pool 0 to 127.0.0.1" message.
Note that disabling 'client.reconnect' might affect some pools that rely on the feature, like pools that you lease your rig to.
Oh and this is dry-coded. :)
There are no other kernels, and differentiating kernels in the future
should be done in a universal way, preferably not by choosing a function.
Note how queue_kernel() is used (passed as function reference).