Hi Rich, the article is a joke. I'm not talking about the researchers, but about citing a statement like: „However, those same firmware binaries did not employ other common security features like ASLR or stack guards, or did so only rarely,“
Look at the source-code of the mentioned vendors. They partially use 18 years old kernel code and Telnet-like management interfaces. Regards, Vincent On 20.08.19 13:21, Rich Brown wrote: > Hi folks, > > You've probably seen the Slashdot article about (lack of) security gains in > router firmware. > https://yro.slashdot.org/story/19/08/16/2050219/huge-survey-of-firmware-finds-no-security-gains-in-15-years > The original article on Security Ledger is at: > https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/ > > Two questions: > > 1) Does anyone know if the researchers looked at OpenWrt? > > 2) If not, how would OpenWrt stable or snapshot have fared in the analysis? > Do we enable stack guards, ASLR, etc. on all builds? > > Thanks. > > Rich > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
