Meltdown and Spectre security patches

Posted: Fri Jan 12, 2018 6:54 am
by pacofonix
Hello Gargoyle community!

Just wanted to warn and ask about Meltdown and Spectre for our routers with Gargoyle, as these security flaws could affect the ARM processors in them and could be exploited through SSH, for example. See the official security report at meltdownattack(dot)com

As patches for the Linux kernel are already available and they are enough to fix these bugs, could it be possible to include them in Gargoyle?

Cheers!

Re: Meltdown and Spectre security patches

Posted: Fri Jan 12, 2018 6:59 am
by Lantis
Once patches are ported to LEDE, and then Gargoyle ported to LEDE. Sure.

What arbitrary code are you allowing to run on your router that makes you worry about this vulnerability?
Unless I am misunderstanding the whole issue, unless rogue code is allowed to run through some mechanism on your router it can't exploit the issue.
And if rogue code is running on your router, well that ship sailed a while ago.

Re: Meltdown and Spectre security patches

Posted: Sat Jan 13, 2018 6:31 pm
by pacofonix
Hi! I am not allowing any code in my router apart from Gargoyle, SSH server (auth with certs) and OpenVPN.

I just thought that in other cases where SSH password could be stolen, then code could be run there. Or just a JavaScript code injected anywhere, I don't know, just guessing use cases, not exactly mine.

But it is nice to know that Gargoyle is being ported to LEDE! And as I can see, part of OpenWRT now. They are working on patching these bugs: forum.lede-project(dot)org/t/security-meltdown-and-spectre-vulnerabilities-in-arm/10283/23

Thanks Lantis for your attention!