mirror/openwrt
1
0
Fork 0
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2024-10-19 05:58:53 +02:00
Code Issues
OpenWrt Source Repository https://openwrt.org/
35,052 Commits 8 Branches 72 Tags 240 MiB
C 60.7%
Makefile 19.7%
Shell 7%
Roff 6.8%
Perl 2.6%
Other 3.1%
442db0d6d8
Go to file
Jo-Philipp Wich 442db0d6d8 kernel: deny swconfig set requests for unprivileged users 
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
config kernel: add missing symbol 2016-05-16 18:00:34 +02:00
docs build: Prevent more gzip timestamps 2015-07-14 09:57:45 +00:00
include image.mk: fix dependencies for legacy make prepare step 2016-06-07 16:22:28 +02:00
package swconfig: improve failure reporting 2016-06-11 00:51:22 +02:00
scripts treewide: replace jow@openwrt.org with jo@mein.io 2016-06-07 11:42:52 +02:00
target kernel: deny swconfig set requests for unprivileged users 2016-06-11 00:53:19 +02:00
toolchain treewide: replace nbd@openwrt.org with nbd@nbd.name 2016-06-07 08:58:42 +02:00
tools treewide: replace nbd@openwrt.org with nbd@nbd.name 2016-06-07 08:58:42 +02:00
.gitattributes
.gitignore build: add integration for managing opkg package feed keys 2015-04-06 19:39:51 +00:00
BSDmakefile
Config.in branding: add LEDE branding 2016-03-24 22:40:13 +01:00
feeds.conf.default feeds.conf.default: remove the commented ancient feeds 2016-04-20 17:19:08 +00:00
LICENSE
Makefile build: fix make clean, delete package directories for selected arch 2016-05-11 10:02:36 +02:00
README README: Update project README 2016-05-12 03:29:36 +02:00
rules.mk rules.mk: introduce new variable OUTPUT_DIR 2016-04-06 21:49:15 +02:00

README 

This is the buildsystem for the LEDE Linux distribution.

Please use "make menuconfig" to choose your preferred
configuration for the toolchain and firmware.

You need to have installed gcc, binutils, bzip2, flex, python, perl, make,
find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers.

Run "./scripts/feeds update -a" to get all the latest package definitions
defined in feeds.conf / feeds.conf.default respectively
and "./scripts/feeds install -a" to install symlinks of all of them into
package/feeds/.

Use "make menuconfig" to configure your image.

Simply running "make" will build your firmware.
It will download all sources, build the cross-compile toolchain, 
the kernel and all choosen applications.

To build your own firmware you need to have access to a Linux, BSD or MacOSX system
(case-sensitive filesystem required). Cygwin will not be supported because of
the lack of case sensitiveness in the file system.


Sunshine!
	Your LEDE Community
	http://www.lede-project.org