Security changes - restricting uhttpd addresses
Nathan Lutchansky
lutchann at litech.org
Tue Oct 25 14:56:07 PDT 2022
On 10/25/22 5:34 PM, Peter Naulls wrote:
> On 10/25/22 17:25, Reuben Dowle wrote:
>
>> The issue of HTTP listening on all interfaces also came up in my
>> audit, but the auditors were happy with the explanation that the
>> firewall prevented any access through the WAN interface. If the
>> people auditing your system are only interested in security
>> 'theatre', then that is really a poor quality/incompetent audit process.
>
> Well, I agree. For clarity, years ago I had been through reviews with
> both Microsoft and Intel, with some combination of Ubuntu/OpenWrt, so
> had some expectation here. Those reviews turned up their share of
> nonsense, but things have changed I guess.
>
> My hands are tied, we gotta do the dance.
I mean this as gently as possible, but I think what a lot of us are
missing is the benefit to the OpenWrt project to carry an increased
maintenance burden in response to your internal requirements, which you
openly state add no value. Maybe your time is better spent fixing your
organization's processes, rather than trying to make volunteers
responsive to what we all agree are pointless requirements?

-Nathan
More information about the openwrt-devel mailing list