
Does VyOS take advantage of Linux's improved security features?
Open, Wishlist, Public

Description

Most routers don't take advantage of Linux's improved security features.

Is this something that should be looked into for VyOS?

abstract:

Security hardening features such as ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), RELRO (RELocation Read-Only), and stack guards have been found to be missing in a recent security audit of 28 popular home routers.
"The absence of these security features is inexcusable"
The features discussed in this report are easy to adopt, come with no downsides, and are standard practices in other market segments (such as desktop and mobile software)

Researchers detailed this MIPS Linux bug in more detail in a separate research paper available here.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

fromport triaged this task as Wishlist priority. Jan 6 2019, 2:49 PM
fromport created this task.
fromport created this object in space S1 VyOS Public.
c-po added a subscriber: c-po. Jan 6 2019, 5:24 PM
vyos@vyos:~$ show system kernel-messages | grep "Execute Disable" 
NX (Execute Disable) protection: active
hagbard added a subscriber: hagbard. Jan 6 2019, 5:49 PM

@c-po I have access to it, let me know if you need a pdf out of it.

@fromport
These mitigation techniques are all turned on/off via compiler flags and most of them are enabled by default. ASLR on the kernel side has been enabled since 2.6.25.

Your paper by the way is focusing on MIPS, an arch we currently do not support actively.
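
The features named in the task description (position-independent code for ASLR, DEP/NX, RELRO, stack guards) leave markers in a compiled ELF binary, so whether the compiler flags mentioned above took effect can be checked per file. The following is an added example, not part of this thread and not VyOS project code; it assumes 64-bit ELF input, and `check_hardening` and the constructed `sample_elf` image are names chosen for illustration.

```python
import struct
import sys

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB

def check_hardening(data: bytes) -> dict:
    """Report PIE, NX stack, RELRO and stack-canary status of a 64-bit ELF image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not a 64-bit ELF file")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type, e_phoff = struct.unpack_from(end + "H14xQ", data, 16)  # offsets 16 and 32
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    nx = relro = bind_now = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from(end + "IIQ", data, off)
        (p_filesz,) = struct.unpack_from(end + "Q", data, off + 32)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & 1)  # PF_X clear means a non-executable stack
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            for d in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(end + "QQ", data, d)
                if tag == 0:  # DT_NULL terminates the dynamic table
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8)
                        or (tag == DT_FLAGS_1 and val & 0x1)):
                    bind_now = True
    return {
        "pie": e_type == 3,  # ET_DYN; shared libraries report True as well
        "nx_stack": nx,  # a missing PT_GNU_STACK is reported as unprotected
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "canary": b"__stack_chk_fail" in data,  # heuristic: symbol name present
    }

def sample_elf(e_type, stack_flags, dyn_flags, canary=True):
    """Constructed sample: ELF64 LE header, three program headers, dynamic table."""
    ph = lambda t, f, o=0, n=0: struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 0)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    phdrs = ph(PT_GNU_STACK, stack_flags) + ph(PT_GNU_RELRO, 4) + ph(PT_DYNAMIC, 6, 232, 32)
    dyn = struct.pack("<QQQQ", DT_FLAGS, dyn_flags, 0, 0)
    return hdr + phdrs + dyn + (b"__stack_chk_fail\0" if canary else b"")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf(3, 6, 8)
    print(check_hardening(blob))
```

Run with a file path as the first argument to inspect a real binary; the canary result is a string search, so a statically linked, stripped binary can report False even when it was built with stack protection.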