mirror of
https://github.com/openwrt/openwrt.git
synced 2025-02-21 01:41:41 +00:00
442db0d6d8
The swconfig kernel infrastructure fails to do any permissions checks when changing settings. As such an ordinary user account on a device with a switch can change switch settings without any special permissions. Routers generally have few non-admin users so this isn't a big hole, but it is a security hole. Likely the greatest danger is for multifunction devices which have a lot of extra daemons, compromising a low-security daemon would allow one to modify switch settings and cause the router/switch to appear to lock-up (or cause other sorts of troublesome nyetwork behavior). Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any requests originating from user contexts lacking this capability. Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is the buildsystem for the LEDE Linux distribution. Please use "make menuconfig" to choose your preferred configuration for the toolchain and firmware. You need to have installed gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers. Run "./scripts/feeds update -a" to get all the latest package definitions defined in feeds.conf / feeds.conf.default respectively and "./scripts/feeds install -a" to install symlinks of all of them into package/feeds/. Use "make menuconfig" to configure your image. Simply running "make" will build your firmware. It will download all sources, build the cross-compile toolchain, the kernel and all choosen applications. To build your own firmware you need to have access to a Linux, BSD or MacOSX system (case-sensitive filesystem required). Cygwin will not be supported because of the lack of case sensitiveness in the file system. Sunshine! Your LEDE Community http://www.lede-project.org