A vulnerability in OpenWRT, the alternative router firmware distribution, that allows its package manager to be MITM'd has been publicized (archived). OpenWRT's fork of opkg, which serves as the package manager and runs as root, fails to verify package checksums when it parses package lists, so a downloaded package that does not match the list is installed anyway. A successful MITM that substitutes a payload for the package is therefore a root install of attacker code, and that opens the rest of the doors to ownership of the device. Routing remains a live battleground.
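The fail-open pattern the post describes, as an added example that is not opkg's code and not part of the original post: a parser for a Packages-style index carrying a `SHA256sum` field, beside two verifiers for a downloaded archive. The vulnerable verifier only compares when a checksum was parsed, so a checksum line the parser did not recognise silently disables the check; the hardened verifier treats a missing or malformed checksum as a failure. The index text, the archive bytes, and the leading-space mangling of one checksum line are all constructed for the illustration; the index itself is assumed to arrive intact and only the archive is swapped in transit, which is the scenario the post describes.

```python
"""Constructed example: index parsing plus checksum verification of a
downloaded package archive, in a fail-open and a fail-closed form.
Illustration code, not opkg's.  All data below is made up."""
import hashlib
import hmac

# Constructed archive contents.  TROJANED_IPK stands for whatever a
# man-in-the-middle substitutes for the real archive.
GOOD_IPK = b"ipk: good-tool 1.0-1 (constructed archive contents)"
MANGLED_IPK = b"ipk: mangled-tool 2.3-1 (constructed archive contents)"
TROJANED_IPK = b"ipk: postinst runs attacker payload as root (constructed)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed Packages index in the blank-line-separated stanza format.
# The second stanza's SHA256sum line carries a leading space, so the
# parser below does not recognise it as a field.
PACKAGES_INDEX = (
    "Package: good-tool\n"
    "Version: 1.0-1\n"
    "Filename: good-tool_1.0-1_mips_24kc.ipk\n"
    f"SHA256sum: {sha256_hex(GOOD_IPK)}\n"
    "\n"
    "Package: mangled-tool\n"
    "Version: 2.3-1\n"
    "Filename: mangled-tool_2.3-1_mips_24kc.ipk\n"
    f" SHA256sum: {sha256_hex(MANGLED_IPK)}\n"  # leading space: not parsed as a field
)


def parse_index(text: str) -> dict:
    """Return {package name: {field: value}}.  A line is a field only when
    'Name:' starts at column 0; anything else is dropped silently."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith((" ", "\t")):
                name, _, value = line.partition(":")
                fields[name] = value.strip()
        pkgs[fields["Package"]] = fields
    return pkgs


def verify_fail_open(fields: dict, archive: bytes) -> bool:
    """Vulnerable pattern: compare only if a checksum was parsed.
    No parsed checksum means nothing to compare, and the install proceeds."""
    expected = fields.get("SHA256sum")
    if expected is None:
        return True
    return sha256_hex(archive) == expected


def verify_fail_closed(fields: dict, archive: bytes) -> bool:
    """Hardened pattern: a missing or malformed checksum is itself a
    verification failure; a present one must match in constant time."""
    expected = fields.get("SHA256sum", "").lower()
    hexdigits = set("0123456789abcdef")
    if len(expected) != 64 or not set(expected) <= hexdigits:
        return False  # refuse to install rather than skip the check
    return hmac.compare_digest(sha256_hex(archive), expected)


def demo() -> dict:
    """Run both verifiers over honest and substituted downloads."""
    pkgs = parse_index(PACKAGES_INDEX)
    good, mangled = pkgs["good-tool"], pkgs["mangled-tool"]
    return {
        # checksum parsed: both verifiers accept the honest archive
        "good/honest": (verify_fail_open(good, GOOD_IPK),
                        verify_fail_closed(good, GOOD_IPK)),
        # checksum parsed: both reject the substituted archive
        "good/mitm": (verify_fail_open(good, TROJANED_IPK),
                      verify_fail_closed(good, TROJANED_IPK)),
        # checksum line not parsed: fail-open installs the attacker's archive
        "mangled/mitm": (verify_fail_open(mangled, TROJANED_IPK),
                         verify_fail_closed(mangled, TROJANED_IPK)),
    }


if __name__ == "__main__":
    for case, (open_ok, closed_ok) in demo().items():
        print(f"{case:14s} fail-open={open_ok!s:5s} fail-closed={closed_ok}")
```

The `mangled/mitm` row is the whole story: the same archive that a present checksum rejects sails through when the checksum line was never parsed, and only the fail-closed verifier refuses it. Whitespace tolerance in the parser would have hidden this particular mangling, but the durable fix is to make "no checksum" a refusal, so that any future parsing gap surfaces as a failed install instead of a silent skip.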
I must argue that a package manager has little business being in a live embedded system anyway. The question remains whether the behavior of the image builder is the same, which it might be if the same package manager is used to build the image.
This is a point, and the possibility that this toolchain problem carried over into building the images is very live.