[LEDE-DEV] Stability & release plans -- CVE-2016-5195

J Mo jmomo at jmomo.net
Fri Oct 28 18:18:44 PDT 2016


On 10/28/2016 11:39 AM, yanosz wrote:
> 1. I'm unhappy with the state of OpenWRT at the moment. I see some
> trouble in building and releasing. The current code base has some bugs.
> I'ven't seen a fix for "mad cow" yet. For me it is hard to estimate
> whether OpenWRT is able to include, build and release critical patches
> over the next months in a timely fashion.

My impression is that CVE-2016-5195 (also known by it's marketing name 
for low-intellect individuals as "dirty COW") is mostly a non-issue on 
OpenWRT/LEDE. This is why you have not heard much about a response for it.

The exploit is a privilege escalation. However, almost everything on a 
standard LEDE/OpenWRT system already runs as root anyway, since these 
kinds of systems are not designed for multi-user scenarios.

Conversely, this exploit is a huge deal on Android for the very same 
reason it's a non-issue on LEDE/OpenWRT.




More information about the Lede-dev mailing list