[OpenWrt-Devel] Did they check security of OpenWrt?
Vincent Wiemann
vincent.wiemann at ironai.com
Tue Aug 20 09:43:04 EDT 2019
Hi Rich,
the article is a joke. I'm not talking about the researchers, but about citing a statement like:
„However, those same firmware binaries did not employ other common security
features like ASLR or stack guards, or did so only rarely,“
Look at the source-code of the mentioned vendors. They partially use 18 years old kernel code and
Telnet-like management interfaces.
Regards,
Vincent
On 20.08.19 13:21, Rich Brown wrote:
> Hi folks,
>
> You've probably seen the Slashdot article about (lack of) security gains in router firmware. https://yro.slashdot.org/story/19/08/16/2050219/huge-survey-of-firmware-finds-no-security-gains-in-15-years The original article on Security Ledger is at: https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
>
> Two questions:
>
> 1) Does anyone know if the researchers looked at OpenWrt?
>
> 2) If not, how would OpenWrt stable or snapshot have fared in the analysis? Do we enable stack guards, ASLR, etc. on all builds?
>
> Thanks.
>
> Rich
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list