[OpenWrt-Devel] MIPS stack security and other problems

Hauke Mehrtens hauke at hauke-m.de
Tue Dec 18 06:46:55 EST 2018

On 12/17/18 1:54 AM, Dave Taht wrote:
> A pretty deep look at home MIPS and arm routers, and a surprising bug in Linux/MIPS - by mudge and co:
> https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
> I have no idea if current openwrt, or what prior releases... are subject to
> the problems they outline.

In the second paper "Build Safety of Software in 28 Popular Home Router"
[0] they checked the "security" of multiple popular devices, by checking
if they activate ASLR, Non stack Exec, Relro and stack guards. The best
device was the Linksys wrt32x and this is based on OpenWrt with not so
many modifications. ;-) Just something like Samba downgrade to 3.0.37.
The paper also wonders why the other Linksys devices like the wrt1900ac
are much worse, but they probably do not use OpenWrt or a much older
version. The GPL source code tar.gz of the Linksys wrt32x, begins with
cloning from https://github.com/openwrt/openwrt.git

It is also interesting how different this approve to security checking
is to what the German BSI published in the "BSI TR-03148: Secure
Broadband Router:" [1].
You can build a device which scores 100% in the one and 0% in the other,
there is no overlap. ;-)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20181218/067e8170/attachment.sig>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list