[OpenWrt-Devel] Did they check security of OpenWrt?
Alberto Bursi
bobafetthotmail at gmail.com
Tue Aug 20 19:29:46 EDT 2019
On 21/08/19 00:24, Rich Brown wrote:
>
>> On Aug 20, 2019, at 5:32 PM, Rosen Penev <rosenp at gmail.com
>> <mailto:rosenp at gmail.com>> wrote:
>> ... Issues are more nuanced than this though. These same people
>> several months ago mentioned a serious ASLR weakness with MIPS.
>> Patches went in the kernel for it.
>
> Does this mean that snapshot builds (with current kernels) now protect
> against that MIPS vulnerability? What about the stable builds?
>
ASLR is not enabled on OpenWrt (as I said in a mail a few seconds ago)
so any vulnerability in ASLR is irrelevant.
>
>
> What statements/assertions can we make about whether these are used to
> create release or snapshot builds? Thanks to all who can contribute info.
>
>
In my other message I pointed to the source of the build system with the
default options for various stuff.
The same hardening options are used for both release and snapshot
releases afaik.
They differ only in default package selection (and on source version
used of course)
-Alberto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20190821/fefa4c50/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list