True. Perhaps that makes it a moot issue for BB.
But I dont think it would hurt to be ahead of the curve in this day and age...
I am not the only one adding this latent protection to MIPS:
https://webrtc-codereview.appspot.com/994006/
https://gcc.gnu.org/ml/gcc-patches/2014-09/msg02430.html (source of my patch
submission which I emailed later when I finally cracked this)
http://lists.busybox.net/pipermail/uclibc/2014-August/048474.html
The trade-off might be giving people a false sense of protection, I guess. But
that could happen anyway once the fix meanders tghrough gcc upstream. Then
again, who else before me even bothered to scan their router files for this :-)
Of lower priority for OpenWRT mainstream, is a determined user could also
cherry-pick emulated NX protection from PAX.
When they google this problem they will at least find my work. Which was a
great learning exercise regardless. I blogged about it here -->
http://blog.oldcomputerjunk.net/
Anyways, up to you I guess. I am still learning this stuff. Its not like the
"experts" regularly get security stuff right...
cheers,
--Andrew
On 04/10/14 02:54, Felix Fietkau wrote:
On 2014-10-03 19:14, Catalin Patulea wrote:
On Wed, Oct 1, 2014 at 6:42 PM, Andrew McDonnell
<b...@andrewmcdonnell.net> wrote:
It seems that OpenWRT sets the relevant flag to require uClibc to build with
NOEXECSTACK set. This is good. (For one introduction to NOEXECSTACK, see
http://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart )
Does anything actually enforce NX on MIPS?
There are MIPS CPUs that support it, but my guess is that most of our
MIPS targets don't have any hardware support for it.
- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
