[OpenWrt-Devel] New "Security" wiki page. Improvements/corrections appreciated

Brian Smith brian at briansmith.org
Tue Dec 29 01:59:25 EST 2015


John Crispin <blogic at openwrt.org> wrote:

> Brian Smith wrote:
> >     https://wiki.openwrt.org/doc/devel/security
> >
> > The page is intended to be for OpenWrt developers, people doing custom
> > builds, and for people developing products on top of OpenWrt. Obviously,
> > I am a OpenWrt newb so I probably got a lot of things wrong and I
> > probably left a lot of things out. Any help improving the above page
> > would be appreciated.
> >
>
> Hi Brian,
>
> correct me if i am wrong but automatic fw upgrades in the field by
> controlled by openwrt is not a security feature but a rather insane
> idea. what makes you think that we would even want or consider doing so
> ?


John,

First, thanks for taking the time to read what I wrote on the wiki page.

IMO, most people would have time justifying the deployment of a SOHO router
that doesn't support automatic updates of some fashion, especially now that
so many alternatives that do automatically update exist. So, I want to find
a way to combine the openness of OpenWrt with the benefits of automatic,
silent, updates.

i like the fact that you trust me enough to give me full remote root
> access to your router and network but common, does that not ring some
> alarm bells ?


In the wiki page, I'd already written:

    Automatic updates rely on cryptographic signatures of the
    updates to ensure that the updates are from a trusted source;
    i.e. are not malicious. But, in a decentralized project like
    OpenWrt, there's no one person that can be trusted with the
    signing keys.

My intent was to express exactly the same idea as you expressed above.

Maybe it would be helpful to break the issue into two parts:

1. It would be a good idea for OpenWrt to have a framework that makes it
easy for vendors building products on top of OpenWrt to enable automatic
updates, where the vendor is responsible for building, signing, and
distributing the updates. The users have to trust the vendor, but this is
no different than today. I know there is nothing crazy or particularly
troublesome about this kind of thing, because it has been done many times.

2. It would be a good idea to find a way for people using OpenWrt to
automatically update their hardware from OpenWrt-sourced updates. On the
wiki page, I had also written:

    [...] Perhaps some kind of voting system for
    trustworthiness of updates; such a system would almost
    definitely depend on reproducible builds.

Perhaps you are skeptical that we could create a consensus system for
making updates sourced directly from OpenWrt safe. It's good to be
skeptical of that idea, because it is quite hard. I am very familiar with
how hard it is, because when I helped design and implement the automatic
update mechanisms for the Firefox web browser and the FirefoxOS phone OS, I
ran out of time to document or prototype it. However, I did think about
this problem a lot, because so many Firefox users are worried about evil
updates, and because I used to work on Firefox's SSL certificate stuff, and
IMO distributed consensus mechanisms are the solution to the fundamental
brokenness of "the CA system." I still don't have time to prototype my
ideas here yet. Even so, I think there's nothing fundamentally wrong with
the idea in the abstract. Some deployed examples of such distributed
consensus mechanisms include Google's Certificate Transparency support for
enhancing SSL certificate security, and Bitcoin. If there are people who
have time to prototype this stuff, I would be happy to share my ideas with
them.

Thanks again for the feedback. If you or others have more feedback on the
content of the wiki page, I would very much appreciate getting it.

Thanks,
Brian
-- 
https://briansmith.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20151228/11eb4646/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list