Someone needs to let the devs of sgminer know also because I think I read somewhere that they are pulling from kalroth github ...
Veox selectively pulls from my branch, at least he used to when I was more active. Regardless, this is a minor change to the client and it is easy to implement.
I'm more worried about the stratum server software, if this exploit really is so widespread.
Regardless, I made a quick fix to my branch and the binaries on my page are also updated.
https://github.com/Kalroth/cgminer-3.7.2-kalroth/commit/d78f8c896010049a06275db13a2816c0e201e41e
http://k-dev.net/cgminer/

QUICK FIX: I've added a --no-client-reconnect command to disable the 'client.reconnect'
stratum functionality in the client. It looks like there's an exploit that abuses said command,
but it is still not clear exactly how.
There's also an additional message when the reconnect happens: "WARNING: POTENTIAL
CLIENT.EXPLOIT!", but it requires you to be actively monitoring your log to catch it, in
which case you already get a "Reconnect requested from Pool 0 to 127.0.0.1" message.
Note that disabling 'client.reconnect' might affect some pools that rely on the feature, like
pools that you lease your rig to.
Oh and this is dry-coded. :)
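
An added example, not part of the original post and not code from the cgminer-kalroth branch: a small log scanner that looks for the two messages quoted above so nobody has to watch the log by hand, and marks any reconnect target that is not one of the pool hosts you configured. The timestamp prefix, the optional ":port" suffix, the `pool.example` host names and the sample lines are constructed assumptions.

```python
import re

# Message text as quoted in the post; the optional ":port" suffix and the
# timestamp prefix in the sample lines are assumptions about the log format.
RECONNECT_RE = re.compile(
    r"Reconnect requested from Pool (?P<pool>\d+) to (?P<host>[^\s:]+)(?::\d+)?",
    re.IGNORECASE,
)
WARNING_TEXT = "POTENTIAL CLIENT.EXPLOIT"


def same_site(host, allowed):
    """True if host is an allowed pool host or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def scan(lines, allowed_hosts):
    """Return (line_no, pool, host, verdict) for each message of interest."""
    allowed = {a.lower() for a in allowed_hosts}
    findings = []
    for no, line in enumerate(lines, 1):
        m = RECONNECT_RE.search(line)
        if m:
            host = m.group("host")
            verdict = "expected" if same_site(host, allowed) else "UNEXPECTED"
            findings.append((no, int(m.group("pool")), host, verdict))
        elif WARNING_TEXT in line:
            findings.append((no, None, None, "WARNING"))
    return findings


# Constructed sample log, not captured from a real miner.
SAMPLE_LOG = """\
[2014-01-01 10:00:01] unrelated miner output
[2014-01-01 10:05:12] Reconnect requested from Pool 0 to 127.0.0.1
[2014-01-01 10:05:12] WARNING: POTENTIAL CLIENT.EXPLOIT!
[2014-01-01 11:00:00] Reconnect requested from Pool 1 to eu.pool.example:3333
""".splitlines()

ALLOWED = ["pool.example"]  # hypothetical: the pool hosts from your own config

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, ALLOWED):
        print(finding)
```
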