Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat May 07, 2022 16:07 Post subject:
The only one who can give the definitive answer is BS himself.
My own toolchain uses musl and I am pretty sure that is also the case for native builds, but it is possible that some build targets, e.g. Linksys WRT, are still using uClibc.
A good check probably is: if you have /lib/libc.so it is compiled with musl; if you have /lib/uClibc.so the build is compiled with uClibc.
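The file check suggested in the post above, as a script that can be pointed at a live router or at an unpacked firmware image. This is an added example, not part of the original post; `detect_libc` and `has_file` are hypothetical names, and the loader file names (`ld-musl-<arch>.so.1`, `ld-uClibc.so.*`, `libuClibc-<version>.so`) are an assumption based on the usual musl and uClibc layouts rather than something the thread states.

```shell
#!/bin/sh
# Added example: classify the C library of a root filesystem from the files
# under <root>/lib. Pass no argument to inspect the running system.

# has_file PATH...: succeed if any argument names an existing file.
# An unmatched glob stays a literal string, so it simply fails the -e test.
has_file() {
    for f in "$@"; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# detect_libc [ROOT]: print musl, uclibc, mixed or unknown.
detect_libc() {
    root="${1:-}"
    musl=no
    uclibc=no
    # musl: /lib/libc.so (the check from the post) or the musl loader
    # (assumed name: ld-musl-<arch>.so.1)
    has_file "$root/lib/libc.so" "$root"/lib/ld-musl-*.so.1 && musl=yes
    # uClibc: /lib/uClibc.so (the check from the post) or the usual
    # libuClibc-<version>.so / ld-uClibc.so.N files (assumed names)
    has_file "$root/lib/uClibc.so" "$root"/lib/libuClibc-*.so \
             "$root"/lib/ld-uClibc.so.* && uclibc=yes
    case "$musl/$uclibc" in
        yes/no)  echo musl ;;
        no/yes)  echo uclibc ;;
        yes/yes) echo mixed ;;    # both present: inspect individual binaries
        *)       echo unknown ;;  # neither marker found under <root>/lib
    esac
}
```

Run it as `detect_libc` on the device, or `detect_libc /path/to/unpacked/rootfs` against an extracted image.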
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat May 07, 2022 17:38 Post subject:
Although it's there, the exploit targets a very limited scenario of a not randomised, fixed or predictable port....the last DNSmasq was updated towards randomising of the source port...
"Exploitability of the issue depends exactly on these factors. As the function does not apply any explicit source port randomization, it is likely that the issue can easily be exploited in a reliable way if the operating system is configured to use a fixed or predictable source port...."
As well, I believe, this exploit refers to blank/unencrypted DNS requests, so if you use no DNS caching, an encrypted DNS via SmartDNS, Unbound, Stubby (uses GetDNS) or DNScrypt you should be fine...
_________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat May 07, 2022 20:12 Post subject:
kernel-panic69 wrote:
Some people really do not understand how the C library used to compile code affects things and it shows.
please elaborate...and back up with real examples...
otherwise we won't be able to learn from
kernel-master-69...
How exactly does uClibc (library for C) affect DDWRT firmware? I have to admit I do not do C coding...
But, I do understand how DNS works...
Bear in mind, I did very carefully read the exploit scenario, looked at the Wireshark and code examples and read about the rare chance of possibility of DNS poisoning...
As well how layer 7 DoH DNS, that most of the browsers have/use for DNS, will behave...if those are affected at all....what is the benefit of DNS DoT or DoH, DNScrypt encryption? (if not to prevent DNS poisoning)
Nowhere in this article is encrypted DNS load mentioned, but they do mention regular DNS requests over port 53 UDP...
"If the operating system applies randomization of source port (which is done by all OSs nowadays—for instance, modern Linux kernels use range 32768–60999), exploitability depends on the capacity of the attacker to bruteforce the 16 bit source port value by sending multiple DNS responses, while simultaneously winning the race against the legitimate DNS response. In this situation, exploitability depends on factors such as the bandwidth at disposal of the attacker, or on the response time of the DNS query. Additionally, it is more likely that an attacker will succeed at least once in performing a DNS poisoning attack if the target device performs a great number of identical queries in a given time frame, compared to a target that performs sporadic queries"
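The article passage quoted above turns on whether outgoing DNS queries leave from a fixed or predictable source port, which can be checked on your own device from a packet capture. The following is an added example, not part of the original post or the article; `classify_dns_ports` and `sample_capture` are hypothetical names and the capture lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -n` text on stdin and classifies the UDP source
# ports of queries sent to port 53:
#   fixed       every query left from the same port
#   sequential  each port is the previous one plus a constant step
#   varied      no simple pattern (needed for randomisation, not proof of it)
#   too-few     fewer than 4 queries seen
classify_dns_ports() {
    awk '
    {
        # tcpdump prints "src.sport > dst.dport:", so locate the ">" field
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        dst = $(i + 1); sub(/:$/, "", dst)
        nd = split(dst, d, "."); ns = split($(i - 1), s, ".")
        # keep only packets going TO port 53; replies are skipped
        if (d[nd] == 53) port[++count] = s[ns] + 0
    }
    END {
        if (count < 4) { print "too-few"; exit }
        fixed = 1; stepped = 1; step = port[2] - port[1]
        for (i = 2; i <= count; i++) {
            delta = port[i] - port[i - 1]
            if (delta != 0) fixed = 0
            if (delta != step) stepped = 0
        }
        if (fixed) print "fixed"; else if (stepped) print "sequential"; else print "varied"
    }'
}

# sample_capture PORT...: constructed tcpdump-style lines (one query and one
# reply per port) using documentation addresses, not real traffic.
sample_capture() {
    for p in "$@"; do
        echo "12:00:01.000001 IP 192.0.2.10.$p > 198.51.100.53.53: 4660+ A? example.com. (29)"
        echo "12:00:01.020001 IP 198.51.100.53.53 > 192.0.2.10.$p: 4660 1/0/0 A 203.0.113.7 (45)"
    done
}
```

On a device, feed it real output instead of the sample, for instance `tcpdump -n -c 50 -i <wan-interface> udp dst port 53 | classify_dns_ports`, where the interface name is a placeholder.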
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Sat May 07, 2022 22:04 Post subject:
This thread isn't about DD-WRT, it's about uClibc, hence why it's in General. If you read your own linked article under "Vulnerability Details", you would understand what I was getting at. Quite honestly, we do not know if MUSL libc is vulnerable or not at this point and currently, there is no CVE for uClibc or uClibc-ng. Stock firmware, Tomato, and AsusWRT-Merlin (for Broadcom devices) can't be fixed by switching to MUSL as far as I am aware, since the kernel has to be compiled with the same libc as the Broadcom binary object files; something that we don't have to contend with in DD-WRT (thankfully). _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat May 07, 2022 23:14 Post subject:
I always have a belief...those tasks regarding DNS are carried out by DNSmasq code and BS compiles the DDWRT kernel regarding it, as well he always puts fixes here and there...
and following the case, they talk about DNS function on IoT device, and those have small size firmware, where god knows what they use for resolving DNS...so, no wonder they are vulnerable...
and if you follow there is a solution to it...as well, musl functions, as they explain, work in a different way and it's not corrupted...
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Sat May 07, 2022 23:49 Post subject:
Thanks for catching up, already found that before my last comment but chose not to edit it just because I want you to waste your time, especially after making a totally unrelated comment to begin with.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat May 07, 2022 23:59 Post subject:
I didn't waste my time at all, as I said I'm eager to learn... ....but you didn't explain your bold claim/typing, nor did you back it up with anything that is not in the read/links...so, I'll admit I just...missed catching the train this time...but there is always another one to catch from your broad wisdom...
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Sun May 08, 2022 1:36 Post subject:
Alozaros wrote:
I didn't waste my time at all, as I said I'm eager to learn...
READ: "eager to leech off others" (we're all a little guilty, lol!)
Alozaros wrote:
....but you didn't explain your bold claim/typing, nor did you back it up with anything that is not in the read/links...
Didn't have to explain or back anything up as it was clearly in the linked article you posted from the original article, but you completely overlooked it and you clearly do not understand the compiling process, whatsoever (I only know enough to be dangerous!).
Anyhow, I am eager to see a patch settled on as not everything can be fixed with migrating to MUSL because upstream development for most network appliances and IoT devices doesn't use it.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sun May 08, 2022 11:21 Post subject:
A cursory search reveals some mipsel code using the lib, idk if that's still the case or if everything is using musl, since, old code and everything is kept for historic reasons.
Anywho, my target is definitely on musl, and that issue won't apply.
BS is quite busy anyway, I can't be bothered to ask, rather spend the time on more productive bits.
I'm sure that a really determined individual will find holes big enough to park a semi and a falcon rocket in pretty much all code under the sun and most HW.