Hello,

On 10/29/2016 at 03:18 AM, J Mo wrote:
>
> On 10/28/2016 11:39 AM, yanosz wrote:
>> 1. I'm unhappy with the state of OpenWRT at the moment. I see some
>> trouble in building and releasing. The current code base has some bugs.
>> I haven't seen a fix for "mad cow" yet. For me it is hard to estimate
>> whether OpenWRT is able to include, build and release critical patches
>> over the next months in a timely fashion.
>
> My impression is that CVE-2016-5195 (also known by its marketing name
> for low-intellect individuals as "dirty COW") is mostly a non-issue on
> OpenWRT/LEDE. This is why you have not heard much about a response for it.
>
> The exploit is a privilege escalation. However, almost everything on a
> standard LEDE/OpenWRT system already runs as root anyway, since these
> kinds of systems are not designed for multi-user scenarios.

Depends :-). OpenWRT has a big package repository, offering dozens of applications. I guess that you're right for about > 80% of all OpenWRT users, but there are others.

As far as I'm aware, discussions on CVE-2016-5195 are taking place at https://forum.openwrt.org/viewtopic.php?id=68181 so some people do care - some discussions are happening on openwrt-dev, too.

However, I'm neither interested in discussing the impact of a local root exploit, nor the urgency for this kind of fix. I'm trying to estimate the liveliness and its future impact for OpenWRT. Take https://lists.openwrt.org/pipermail/openwrt-devel/2016-July/041987.html for instance.

Please don't get me wrong: I'm not saying that OpenWRT is unable to do releases, but "KanjiMonster"'s statements make me worry about the shape of OpenWRT-Setup when something bigger happens.

Greetz, yanosz

--
For those of you without hope, we have rooms with color TV, cable and air conditioning