[LEDE-DEV] Stability & release plans -- CVE-2016-5195
J Mo
jmomo at jmomo.net
Fri Oct 28 18:18:44 PDT 2016
On 10/28/2016 11:39 AM, yanosz wrote:
> 1. I'm unhappy with the state of OpenWRT at the moment. I see some
> trouble in building and releasing. The current code base has some bugs.
> I'ven't seen a fix for "mad cow" yet. For me it is hard to estimate
> whether OpenWRT is able to include, build and release critical patches
> over the next months in a timely fashion.
My impression is that CVE-2016-5195 (also known by it's marketing name
for low-intellect individuals as "dirty COW") is mostly a non-issue on
OpenWRT/LEDE. This is why you have not heard much about a response for it.
The exploit is a privilege escalation. However, almost everything on a
standard LEDE/OpenWRT system already runs as root anyway, since these
kinds of systems are not designed for multi-user scenarios.
Conversely, this exploit is a huge deal on Android for the very same
reason it's a non-issue on LEDE/OpenWRT.
More information about the Lede-dev
mailing list