DD-WRT routers with best kernel and driver security

dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1958

Posted: Mon Feb 19, 2024 20:03
We have not examined any official OEM vendor firmware for patches related to uClibc and others that were recently made in other 3rd party firmware, but to wit: Netgear, TP-Link, and others who purvey a modified version of OpenWRT are using really OLD OpenWRT base code that may be vulnerable to more recently patched vulnerabilities. We don't know if even Voxel has modified the toolchain to accommodate the patches. We have patched toolchains and libraries for most vendor source trees, but they tend to ignore input from 3rd party outside the vendor or official development (FOXCONN, CyberTAN, etc.) when directly given. This is an ever-evolving target, anyway - and people focus on kernel versions in the name of "security" when there are "applicable vulnerabilities" that were introduced with newer code that doesn't 100% completely exist in older kernel code. Quite honestly, some of the features of OEM firmware can safely be removed and replaced with more security- and privacy-centric features that fit within the limitations of flash. Enjoy this witch hunt.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
UnicornStallion
DD-WRT User


Joined: 31 Dec 2023
Posts: 59
Location: Iowa, US

Posted: Mon Feb 19, 2024 20:49
@OpenSource Ghost, btw, just to illustrate my point, if you are significantly knowledgeable about Linux, you can roll your own wireless router using a spare x86/x64 PC with any Linux distro and a decent USB to WIFI adapter. There is nothing magic about what wrt is doing. It simply makes the process much easier and provides a user-friendly web ui. But with sufficient knowledge, or sufficient willingness to learn, any PC with any Linux distro can be turned into a wireless router.

wrt is effectively a minimalist Linux distribution designed to work on devices with very limited resources and configured out of the box to work as a wireless router with little manual configuration. There's no magic here that can't be done on any PC running Linux, though again, doing it from scratch with say, Debian or Fedora does require a lot of knowledge, or willingness to learn.

In fact, dd-wrt has an x86 build. So if you want to roll your own wireless router from an old PC or mini-pc or something? Well, you can do so and put dd-wrt on it as the OS.

_________________
- Netgear R7800 -- OpenWRT 23.05.2
- Cellular modem with CGNAT
- SMB NAS with multiple users and private directories.
- USB hard disk plugged into router as NAS drive.
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1858
Location: Hung Hom, Hong Kong

Posted: Wed Feb 21, 2024 11:48
dale_gribble39 wrote:
This is an ever-evolving target, anyway - and people focus on kernel versions in the name of "security" when there are "applicable vulnerabilities" that were introduced with newer code that doesn't 100% completely exist in older kernel code. Quite honestly, some of the features of OEM firmware can safely be removed and replaced with more security- and privacy-centric features that fit within the limitations of flash. Enjoy this witch hunt.

I always wonder whether old Linux kernels and old versions of various Linux server apps are more secure, and more importantly, much more efficient. But we cannot ignore the grand encryption game. :)

Should a Linux kernel have so many features other than basic needs? Should it be re-written?

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
UnicornStallion
DD-WRT User


Joined: 31 Dec 2023
Posts: 59
Location: Iowa, US

Posted: Wed Feb 21, 2024 18:46
mwchang wrote:
I always wonder whether old Linux kernels and old versions of various Linux server apps are more secure, and more importantly, much more efficient.


In rare cases, possibly, because they don't have new features that might introduce new security holes. But usually not, because you also give up new security features such as address space layout randomization, which helps protect against things like buffer overflow attacks. That, and versions of the Linux kernel that are so old that they are no longer maintained will not get patched if security holes are found in them. That's the problem with the 3.x series of kernels that the official Netgear firmware uses. They are so old that they are no longer maintained. So any new security holes that are found in them will likely never get patched.

mwchang wrote:
Should a Linux kernel have so many features other than basic needs? Should it be re-written?


The merits of microkernels vs. monolithic kernels have been debated for decades and will not be solved here. But it's pretty clear which side of the fence Torvalds is on given his historic Usenet debate with Tanenbaum about the merits of Linux vs MINIX. Obviously, Linux won out, and MINIX and its microkernel are pretty much just a footnote in the history of open source software.

_________________
- Netgear R7800 -- OpenWRT 23.05.2
- Cellular modem with CGNAT
- SMB NAS with multiple users and private directories.
- USB hard disk plugged into router as NAS drive.
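
The two points raised in the reply above (an unmaintained kernel series and the presence of address space layout randomization) can be checked from a router's shell. The script below is an added example, not code from any poster or from DD-WRT; the function names and the sample kernel release strings are constructed for illustration, and it assumes a POSIX sh such as BusyBox ash with /proc mounted.

```shell
#!/bin/sh
# Added example: kernel-age and ASLR audit for a Linux router shell.

# Classify a `uname -r` string. Every 3.x (and older) series is end-of-life
# upstream; for newer series the script only reminds you to check.
kernel_finding() {
    major=${1%%.*}
    case "$major" in
        ''|*[!0-9]*) echo "UNKNOWN kernel=$1"; return ;;
    esac
    if [ "$major" -le 3 ]; then
        echo "FAIL kernel=$1 (series no longer maintained upstream)"
    else
        echo "INFO kernel=$1 (confirm the series is still maintained on kernel.org)"
    fi
}

# Interpret the value of /proc/sys/kernel/randomize_va_space.
aslr_finding() {
    case "$1" in
        0) echo "FAIL aslr=0 (disabled)" ;;
        1) echo "WARN aslr=1 (stack/mmap/vDSO randomized, heap not)" ;;
        2) echo "OK aslr=2 (full randomization, including heap)" ;;
        *) echo "UNKNOWN aslr=$1" ;;
    esac
}

# Empirical check: each sed call is a new process, so with ASLR active
# the [stack] mapping should start at a different address each time.
stack_base() { sed -n 's/^\([0-9a-f]*\)-.*\[stack\]$/\1/p' /proc/self/maps 2>/dev/null; }
stack_moves() {
    a=$(stack_base); b=$(stack_base)
    [ -n "$a" ] && [ "$a" != "$b" ]
}

if [ "${1:-}" = "--live" ]; then
    # Run against the device the script is executing on.
    kernel_finding "$(uname -r)"
    aslr_finding "$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)"
    if stack_moves; then echo "OK stack base differs between processes"
    else echo "WARN stack base identical in two processes"; fi
else
    # Constructed sample inputs (not taken from any real device).
    kernel_finding "3.4.103"; aslr_finding 1
    kernel_finding "5.15.137"; aslr_finding 2
fi
```

Run it with `--live` on the router itself; a sysctl value of 2 only says the kernel randomizes, so binaries still need to be built position-independent for their own code to move.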