Hello Gargoyle community!
Just wanted to warn and ask about Meltdown and Spectre for our routers with Gargoyle, as these security flaws could affect the ARM processors in them and could be exploited though SSH, for example See the official security report at meltdownattack(dot)com
As patches for Linux kernel are already available and they are enough to fix these bugs, could it be possible to include them in Gargoyle?
Cheers!
Meltdown and Spectre security patches
Moderator: Moderators
Re: Meltdown and Spectre security patches
Once patches are ported to LEDE, and then Gargoyle ported to LEDE. Sure.
What arbitrary code are you allowing to run on your router that makes you worry about this vulnerability?
Unless i am misunderstanding the whole issue, unless rogue code is allowed to run through some mechanism on your router it can't exploit the issue.
And if rogue code is running on your router, well that ship sailed a while ago.
What arbitrary code are you allowing to run on your router that makes you worry about this vulnerability?
Unless i am misunderstanding the whole issue, unless rogue code is allowed to run through some mechanism on your router it can't exploit the issue.
And if rogue code is running on your router, well that ship sailed a while ago.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Meltdown and Spectre security patches
Hi! I am not allowing any code in my router apart from Gargoyle, SSH server (auth with certs) and OpenVPH.
I just though that in other cases where SSH password could be stolen, then code could be run there. Or just a Javascript code injected anywhere, I don't know, just guessing use cases, not exacly mine.
But it is nice to know that Gargoyle is being ported to LEDE! And as I can see, part of OpenWRT now. They are working on patching these bugs: forum.lede-project(dot)org/t/security-meltdown-and-spectre-vulnerabilities-in-arm/10283/23
Thanks Lantis for your attention!
I just though that in other cases where SSH password could be stolen, then code could be run there. Or just a Javascript code injected anywhere, I don't know, just guessing use cases, not exacly mine.
But it is nice to know that Gargoyle is being ported to LEDE! And as I can see, part of OpenWRT now. They are working on patching these bugs: forum.lede-project(dot)org/t/security-meltdown-and-spectre-vulnerabilities-in-arm/10283/23
Thanks Lantis for your attention!