On Mon, 23 Mar 2015, Jean-Michel Pouré - GOOZE wrote:
You would be horrified to look under the covers of most Linux-based appliances; a lot of them are running a stock Red Hat/CentOS install with very little customization outside of the userspace app that they run. Gaping security holes in such appliances are common.

Yes, I agree with you. For example, DLink DGS-1210 products revision A1 are running a very old 2.6 Linux kernel and it could be very easy to penetrate, especially because no update is done on the firmware. All source code is available, so it is a matter of days before you understand how to break in. You probably only need to look at the OpenSSL vulnerability list ...

On the converse, we may discuss attack surface: a static kernel can have a very low attack surface. When it includes GrSec, it can become very difficult to penetrate. Hopefully ... DLink appliances are using GrSec.

With current OpenWRT configuration, the attack would be Luci => Kernel module. I wonder if specialized companies offer "on the shelf" penetration tools for OpenWRT, but it would not be surprising.

IMHO, with current penetration tools, not using GrSec or a static kernel or both is simply too low.
The bigger risk is default passwords and non-encrypted management. It doesn't matter if you are using grsecurity, SELinux, etc. if your root account is "admin" "password" on every box ever shipped.
No matter how secure the box is, if it's never updated, within a few years there will be vulnerabilities known for it.
David Lang