On 12/17/18 1:54 AM, Dave Taht wrote:
> 
> A pretty deep look at home MIPS and arm routers, and a surprising bug in 
> Linux/MIPS - by mudge and co:
> 
> https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
> 
> I have no idea if current openwrt, or what prior releases... are subject to
> the problems they outline.

In the second paper "Build Safety of Software in 28 Popular Home Routers"
[0] they checked the "security" of multiple popular devices, by checking
if they activate ASLR, Non stack Exec, Relro and stack guards. The best
device was the Linksys wrt32x and this is based on OpenWrt with not so
many modifications. ;-) Just something like Samba downgrade to 3.0.37.
The paper also wonders why the other Linksys devices like the wrt1900ac
are much worse, but they probably do not use OpenWrt or a much older
version. The GPL source code tar.gz of the Linksys wrt32x, begins with
cloning from https://github.com/openwrt/openwrt.git


It is also interesting how different this approach to security checking
is to what the German BSI published in the "BSI TR-03148: Secure
Broadband Router" [1].
You can build a device which scores 100% in the one and 0% in the other,
there is no overlap. ;-)

Hauke


[0]:
https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf
[1]:
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03148/TR03148.pdf?__blob=publicationFile&v=2
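
The four build properties named in the reply above (ASLR, non-executable stack, RELRO, stack guards) can be read from an ELF binary's headers, including the 32-bit big-endian layout common on MIPS routers. This is an added example, not part of the original mail and not the paper's tooling; `check_hardening` and `build_sample` are hypothetical names, the stack-guard test is a heuristic string match, and the sample binaries are constructed header-only stubs.

```python
import struct

PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
ET_EXEC, ET_DYN, PF_X = 2, 3, 1

def check_hardening(data: bytes) -> dict:
    """Report build-hardening features of one ELF image (32/64-bit, LE/BE)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    nx = relro = False   # no PT_GNU_STACK at all is reported as "not NX" (conservative)
    for i in range(phnum):
        off = e_phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags is at offset 4 in Elf64_Phdr but offset 24 in Elf32_Phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True             # present; partial vs. full is not distinguished
    return {
        "pie_aslr": e_type == ET_DYN,    # position-independent image can be randomized
        "nx_stack": nx,
        "relro": relro,
        "stack_guard": b"__stack_chk_fail" in data,  # heuristic: symbol name present
    }

def build_sample(e_type, stack_flags, relro, canary) -> bytes:
    """Constructed 32-bit big-endian (MIPS-style) ELF stub: headers only."""
    phdrs = [(PT_GNU_STACK, stack_flags)] + ([(PT_GNU_RELRO, 4)] if relro else [])
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", e_type, 8, 1, 0, 52, 0, 0,
                               52, 32, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack(">8I", t, 0, 0, 0, 0, 0, f, 4) for t, f in phdrs)
    return ehdr + body + (b"\0__stack_chk_fail\0" if canary else b"")

if __name__ == "__main__":
    print("hardened:", check_hardening(build_sample(ET_DYN, 6, True, True)))
    print("weak:    ", check_hardening(build_sample(ET_EXEC, 7, False, False)))
```

To audit a firmware image, call `check_hardening(open(path, "rb").read())` on each ELF file in the unpacked root filesystem and tally the results per device.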


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
