On 20/08/19 17:34, Rich Brown wrote:
> Hi Vincent,
>
> I don't know whether the article, or its underlying report from Cyber
> Independent Testing Lab - CITL, is a joke or not. (Although, I'll agree that
> any firmware using 18-year-old kernels is on its face a security joke.)
>
> My questions were more about OpenWrt. How would our current builds stack up
> under the criteria used in the report's table? It listed:
>
> - Stack Guards
> - ASLR
> - RELRO
> - Fortify SRC
> - Non-Exec Stack
>
> And are there other security practices that we enforce that would make an
> OpenWrt system more secure?
>
> If OpenWrt compares favorably, it occurs to me that we could invite CITL to
> review OpenWrt builds (on hundreds of routers) and update their report...
>
> Thanks.
>
> Rich

(up-to-date) OpenWrt compares very favorably to most stock firmware
regardless of any such features (you could look up in the source to see if
those features are enabled or not by default in OpenWrt), as it is
simply using a modern Linux kernel and userspace vs.
decade-old stuff that was also hacked to work with their own
low-code-quality proprietary drivers, running a web interface that
allows easy code injection.

There is no point in inviting CITL to review OpenWrt per se, as it's a
third-party firmware; most people don't even know what a firmware is,
much less installing it on a supported device.
It could make sense to have them review devices from manufacturers that
employ modern OpenWrt as stock firmware.
Afaik that's GL.Inet mostly, maybe others.
-Alberto
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
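
For readers who want to measure a build against three of the criteria listed in the quoted table (non-exec stack, RELRO, and the PIE prerequisite for userspace ASLR), the following added example reads them from an ELF image's program headers; it is not code from this thread, from OpenWrt or from CITL. Stack guards and fortify need symbol-table inspection and are not covered, and `hardening()` and `sample_elf()` are hypothetical names, the latter building a constructed test image.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
ET_DYN, PF_X, DF_BIND_NOW, DF_1_NOW = 3, 0x1, 0x8, 0x1

def hardening(elf: bytes) -> dict:
    """PIE, non-exec stack and RELRO status of an ELF image (32/64-bit, LE/BE)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, e = elf[4] == 2, "<" if elf[5] == 1 else ">"
    (e_type,) = struct.unpack_from(e + "H", elf, 16)
    (phoff,) = struct.unpack_from(e + ("Q" if is64 else "I"), elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", elf, 54 if is64 else 42)
    nx = relro = bind_now = False  # a missing PT_GNU_STACK is reported as not hardened
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, p_flags, p_off, _, _, p_size = struct.unpack_from(e + "IIQQQQ", elf, off)
        else:  # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags
            p_type, p_off, _, _, p_size, _, p_flags = struct.unpack_from(e + "7I", elf, off)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:  # immediate binding turns partial RELRO into full
            for tag, val in struct.iter_unpack(e + ("QQ" if is64 else "II"), elf[p_off:p_off + p_size]):
                if tag == DT_NULL:
                    break
                bind_now |= tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & DF_BIND_NOW)) \
                    or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW))
    return {"pie": e_type == ET_DYN,  # ET_DYN is also what shared libraries use
            "nx_stack": nx,
            "relro": "full" if relro and bind_now else "partial" if relro else "none"}

def sample_elf() -> bytes:
    """Constructed sample: 32-bit big-endian ET_DYN, RW stack, RELRO plus BIND_NOW."""
    dyn = struct.pack(">4I", DT_FLAGS, DF_BIND_NOW, DT_NULL, 0)
    dynoff = 52 + 3 * 32  # after the ELF header and three program headers
    ehdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", ET_DYN, 8, 1, 0, 52, 0, 0, 52, 32, 3, 0, 0, 0)
    def ph(p_type, off, size, flags):
        return struct.pack(">8I", p_type, off, 0, 0, size, size, flags, 4)
    return (ehdr + ph(PT_DYNAMIC, dynoff, len(dyn), 6) + ph(PT_GNU_STACK, 0, 0, 6)
            + ph(PT_GNU_RELRO, dynoff, len(dyn), 4) + dyn)

if __name__ == "__main__":
    print(hardening(sample_elf()))
```

To use it on a real build, pass the bytes of a binary extracted from the root filesystem image to `hardening()`.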