[OpenWrt-Devel] hardened openwrt & luci

Etienne Champetier champetier.etienne at gmail.com
Fri Jan 30 12:02:30 EST 2015


Hi

I've tested yesterday Openwrt CC (r44203) with all hardening options on
PKG_CC_STACKPROTECTOR_STRONG
KERNEL_CC_STACKPROTECTOR_STRONG
PKG_FORTIFY_SOURCE_2
PKG_RELRO_FULL

i've only done basic testing but it seems to work,
except luci which send me bad gatway.

I've seen some relro patches by jow, and was wondering what's the status of
this?
(i'm running openwrt on an ubnt rspro/ar71xx)

side note, doing an strace of uhttpd
open("/tmp/openwrt-cc/build_dir/target-mips_34kc_uClibc-0.9.33.2/ubus-2015-01-22/lua/../libubus.so",
O_RDONLY) = -1 ENOENT (No such file or directory)
open("/tmp/openwrt-cc/build_dir/target-mips_34kc_uClibc-0.9.33.2/ubus-2015-01-22/libubus.so",
O_RDONLY) = -1 ENOENT (No such file or directory)
open("./libubus.so", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/lib/libubus.so", O_RDONLY) = 3
it's looking for the lib in the buildroot path

Thanks in advance
Etienne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150130/71ce1d2f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strace-uhttpd
Type: application/octet-stream
Size: 49263 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150130/71ce1d2f/attachment.obj>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list