[OpenWrt-Devel] MIPS stack security and other problems
John Crispin
john at phrozen.org
Mon Dec 17 17:49:19 EST 2018
On 17/12/2018 23:18, Dave Taht wrote:
> Rosen Penev <rosenp at gmail.com> writes:
>
>> On Sun, Dec 16, 2018 at 4:54 PM Dave Taht <dave at taht.net> wrote:
>>>
>>> A pretty deep look at home MIPS and arm routers, and a surprising
>>> bug in Linux/MIPS - by mudge and co:
>>>
>>> https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
>>>
>>> I have no idea if current openwrt, or what prior releases... are subject to
>>> the problems they outline.
>> As of kernel 4.14.88, I see the same problems.
> Well, I see that the stack, at least, on kernel 4.4.92 on mips and
> 4.14 on openwrt 18.06...
>
> is mapped rw only, with no execute bit.
>
> That doesn't mean the other other flaws discussed in the paper don't
> exist, but at least current openwrt HEAD is using the right gcc version
> to turn the right linkage on. Someone here with waaaay more expertise in
> the compiler, here, should take a hard look at this and the paper.
>
>
> root at lupin-jeff:~# cat /proc/self/maps
> 00400000-0044b000 r-xp 00000000 1f:04 879 /bin/busybox
> 0045b000-0045c000 rw-p 0004b000 1f:04 879 /bin/busybox
> 77182000-771a4000 r-xp 00000000 1f:04 611 /lib/libgcc_s.so.1
> 771a4000-771a5000 rw-p 00012000 1f:04 611 /lib/libgcc_s.so.1
> 771a6000-77238000 r-xp 00000000 1f:04 653 /lib/libc.so
> 77245000-77246000 r--p 00000000 00:00 0 [vvar]
> 77246000-77247000 r-xp 00000000 00:00 0 [vdso]
> 77247000-77249000 rw-p 00091000 1f:04 653 /lib/libc.so
> 77249000-7724b000 rwxp 00000000 00:00 0 # is this the heap?
> 7fe06000-7fe27000 rw-p 00000000 00:00 0 [stack]
>
>
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Dave,
too lazy to read thd pdf, in a nutshell whats the issue and what do we
need to do do to mitigate it ?
John
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list