Rich, OpenWrt is a Linux distro. It has all the security of any other one. All CVEs are addressed in a timely manner. There is no need for special tests.

Tue, 20 Aug 2019 at 18:34, Rich Brown <[email protected]>:
>
> Hi Vincent,
>
> I don't know whether the article, or its underlying report from Cyber
> Independent Testing Lab - CITL, is a joke or not. (Although, I'll agree that
> any firmware using 18-year old kernels is on its face a security joke.)
>
> My questions were more about OpenWrt. How would our current builds stack up
> under the criteria used in the report's table? It listed:
>
> - Stack Guards
> - ASLR
> - RELRO
> - Fortify SRC
> - Non-Exec Stack
>
> And are there other security practices that we enforce that would make an
> OpenWrt system more secure?
>
> If OpenWrt compares favorably, it occurs to me that we could invite CITL to
> review OpenWrt builds (on hundreds of routers) and update their report...
>
> Thanks.
>
> Rich
>
> > On Aug 20, 2019, at 9:43 AM, Vincent Wiemann <[email protected]>
> > wrote:
> >
> > Hi Rich,
> >
> > the article is a joke. I'm not talking about the researchers, but about
> > citing a statement like:
> > „However, those same firmware binaries did not employ other common security
> > features like ASLR or stack guards, or did so only rarely,“
> >
> > Look at the source-code of the mentioned vendors. They partially use 18
> > years old kernel code and
> > Telnet-like management interfaces.
> >
> > Regards,
> >
> > Vincent
> >
> >
> > On 20.08.19 13:21, Rich Brown wrote:
> >> Hi folks,
> >>
> >> You've probably seen the Slashdot article about (lack of) security gains
> >> in router firmware.
> >> https://yro.slashdot.org/story/19/08/16/2050219/huge-survey-of-firmware-finds-no-security-gains-in-15-years
> >> The original article on Security Ledger is at:
> >> https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
> >>
> >> Two questions:
> >>
> >> 1) Does anyone know if the researchers looked at OpenWrt?
> >>
> >> 2) If not, how would OpenWrt stable or snapshot have fared in the
> >> analysis? Do we enable stack guards, ASLR, etc. on all builds?
> >>
> >> Thanks.
> >>
> >> Rich
> >> _______________________________________________
> >> openwrt-devel mailing list
> >> [email protected]
> >> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
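
The five criteria quoted above from the report's table (Stack Guards, ASLR, RELRO, Fortify SRC, Non-Exec Stack) can be read statically from a built ELF binary. The following is an added example, not code from this thread, from CITL or from OpenWrt: `check_hardening` and `build_sample` are hypothetical names, the sample image is constructed, PIE is reported as the binary-side prerequisite for ASLR, and the stack guard and Fortify results are symbol-name heuristics (a libc that implements Fortify purely in headers leaves no `*_chk` symbols to find).

```python
import re, struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_DYN, PF_X, DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 3, 1, 24, 30, 8

def check_hardening(elf: bytes) -> dict:
    """Static view of the five criteria for one ELF image (32/64-bit, either endianness)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64, end = elf[4] == 2, ("<" if elf[5] == 1 else ">")   # EI_CLASS, EI_DATA
    e_type, = struct.unpack_from(end + "H", elf, 16)
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 54 if is64 else 42)
    stack_flags, relro, bind_now = None, False, False
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, p_flags, p_off, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", elf, base)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags
            p_type, p_off, _, _, p_filesz, _, p_flags = struct.unpack_from(end + "7I", elf, base)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:   # walk (d_tag, d_val) pairs looking for eager binding
            dyn = struct.Struct(end + ("qQ" if is64 else "iI"))
            for off in range(p_off, p_off + p_filesz - dyn.size + 1, dyn.size):
                tag, val = dyn.unpack_from(elf, off)
                bind_now |= tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
    return {
        "pie": e_type == ET_DYN,   # position-independent image, which lets ASLR move the code
        "nx_stack": stack_flags is not None and not stack_flags & PF_X,
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "stack_guard": b"__stack_chk_fail" in elf,                  # symbol-name heuristic
        "fortify": re.search(rb"__\w+_chk\x00", elf) is not None,   # glibc-style *_chk calls
    }

def build_sample(e_type: int, stack_flags: int, dyn_flags: int, names: bytes) -> bytes:
    """Constructed ELF64 little-endian image: header, three program headers, .dynamic, names."""
    dyn = struct.pack("<qQqQ", DT_FLAGS, dyn_flags, 0, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    ph = lambda t, fl, off=0, sz=0: struct.pack("<IIQQQQQQ", t, fl, off, 0, 0, sz, sz, 8)
    phdrs = ph(PT_GNU_STACK, stack_flags) + ph(PT_GNU_RELRO, 4) + ph(PT_DYNAMIC, 6, 64 + 3 * 56, len(dyn))
    return ehdr + phdrs + dyn + names

hardened = build_sample(ET_DYN, 6, DF_BIND_NOW, b"__stack_chk_fail\x00__memcpy_chk\x00")
print(check_hardening(hardened))
```

A missing `PT_GNU_STACK` header is reported as `nx_stack: False` because the stack permissions then fall back to the architecture default.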
