[OpenWrt-Devel] Building OpenWRT static kernels
Jean-Michel Pouré - GOOZE
jmpoure at gooze.eu
Mon Mar 23 13:05:04 EDT 2015
Le lundi 23 mars 2015 à 16:21 +0100, Jonas Gorski a écrit :
> This is currently not easily possible with OpenWrt, as it contains
> several "out-of-tree" kernel modules, which aren't part of the kernel
> sources and thus can't be statically linked into the kernel. For
> example all wifi drivers are build this way, to use newer driver
> versions with older / "stable" kernel versions.
> For those build from the kernel sources, you could probably change all
> CONFIG_FOO to CONFIG_FOO=y in package/kernel/linux/modules/*, which
> will then make those modules built-in. But this won't work for the out
> of tree modules.
OK. So what kind of security offer OpenWRT to prevent an attacker from
loading modules into the kernel?
I will try a static compilation and report.
For information, D-Link routers from the GS-1210 line are compiled with
static modules AND GrSec to offer memory randomization and prevent
dynamic loading of modules. I don't know how many professional products
are compiled with static modules, but my thumbs say "most of them".
The big interest behind OpenWRT is that you can compile everything on
your own, which is quite marvelous today.
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel