On 27/03/2015 14:37, John Crispin wrote: > > On 27/03/2015 13:45, Etienne Champetier wrote: >> Hi, >> >> >> 2015-03-27 10:42 GMT+01:00 John Crispin <[email protected] >> <mailto:[email protected]>>: >> >> OpenWrt service hardening and jailing >> ===================================== >> >> >> <...> >> >> >> If there are features that we are not aware of yet or that we forgot to >> list, then please let us know about them. >> >> Comments and ideas are welcome ... >> _______________________________________________ >>
Hi John, Thanks for the dnsmasq 'root' fix that I saw go through...not tested yet. A thought: Is there care needed here to cope with those configuration options that are very obviously exposed in Luci? For example: dnsmasq lease file defaults to /tmp/dhcp.leases *but* I tend to move that file to a USB storage location so it survives router reboots. As it stands it looks like the init script is unaware of picking up this config option and jailing the correct file, defaulting to /tmp/dhcp.leases. I can really see the security benefits to 'jail' though, great idea. Thanks for your time. Kevin
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
