[OpenWrt-Devel] MIPS stack security and other problems
Dave Taht
dave at taht.net
Mon Dec 17 17:18:10 EST 2018
Rosen Penev <rosenp at gmail.com> writes:
> On Sun, Dec 16, 2018 at 4:54 PM Dave Taht <dave at taht.net> wrote:
>>
>>
>> A pretty deep look at home MIPS and arm routers, and a surprising
>> bug in Linux/MIPS - by mudge and co:
>>
>> https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
>>
>> I have no idea if current openwrt, or what prior releases... are subject to
>> the problems they outline.
> As of kernel 4.14.88, I see the same problems.
Well, I see that the stack, at least, on kernel 4.4.92 on mips and
4.14 on openwrt 18.06...
is mapped rw only, with no execute bit.
That doesn't mean the other other flaws discussed in the paper don't
exist, but at least current openwrt HEAD is using the right gcc version
to turn the right linkage on. Someone here with waaaay more expertise in
the compiler, here, should take a hard look at this and the paper.
root at lupin-jeff:~# cat /proc/self/maps
00400000-0044b000 r-xp 00000000 1f:04 879 /bin/busybox
0045b000-0045c000 rw-p 0004b000 1f:04 879 /bin/busybox
77182000-771a4000 r-xp 00000000 1f:04 611 /lib/libgcc_s.so.1
771a4000-771a5000 rw-p 00012000 1f:04 611 /lib/libgcc_s.so.1
771a6000-77238000 r-xp 00000000 1f:04 653 /lib/libc.so
77245000-77246000 r--p 00000000 00:00 0 [vvar]
77246000-77247000 r-xp 00000000 00:00 0 [vdso]
77247000-77249000 rw-p 00091000 1f:04 653 /lib/libc.so
77249000-7724b000 rwxp 00000000 00:00 0 # is this the heap?
7fe06000-7fe27000 rw-p 00000000 00:00 0 [stack]
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list