[Cerowrt-devel] Hmmm... Worth reading re router security

Dave Taht dave.taht at gmail.com
Sun Dec 16 22:02:46 EST 2018 

The mips stack is not executable on this

 -----------------------------------------------------
 OpenWrt 18.06.1, r7258-5eb055306f
 -----------------------------------------------------
root at edgerouterx:~# cat /proc/self/maps
00400000-0044c000 r-xp 00000000 fe:00 870        /bin/busybox
0045b000-0045c000 r-xp 0004b000 fe:00 870        /bin/busybox
0045c000-0045d000 rwxp 0004c000 fe:00 870        /bin/busybox
77ee7000-77f0a000 r-xp 00000000 fe:00 1014       /lib/libgcc_s.so.1
77f0a000-77f0b000 rwxp 00013000 fe:00 1014       /lib/libgcc_s.so.1
77f0b000-77f9d000 r-xp 00000000 fe:00 993        /lib/libc.so
77fa9000-77fab000 r--p 00000000 00:00 0          [vvar]
77fab000-77fac000 r-xp 00000000 00:00 0          [vdso]
77fac000-77fae000 rwxp 00091000 fe:00 993        /lib/libc.so
77fae000-77fb0000 rwxp 00000000 00:00 0
7f831000-7f852000 rw-p 00000000 00:00 0          [stack]
7ffff000-80000000 rwxp 00000000 00:00 0

On Sun, Dec 16, 2018 at 4:55 PM Dave Taht <dave.taht at gmail.com> wrote:
>
> Why is it so hard for a group like this to ALSO take a hard look at openwrt?
>
> I don't recall what compiler was used for 18.06, but my kernel is 4.14
> at least....
>
> friends don't let friends run factory firmware. All that said, I have
> no idea if present-day, prior-day openwrt currently addresses all the
> concerns in this report, and I forwarded it to the openwrt-devel list.
>
> I'd tried to get ahold of mudge and co dozens of times in the last 7
> years. Glad they finally paid attention.
>
> On Sun, Dec 16, 2018 at 4:41 PM David P. Reed <dpreed at deepplum.com> wrote:
> >
> > A look at home routers, and a surprising bug in Linux/MIPS - https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
> >
> >
> >
> > _______________________________________________
> > Cerowrt-devel mailing list
> > Cerowrt-devel at lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-205-9740



-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

More information about the Cerowrt-devel mailing list