Does DD-WRT sandbox/contain/isolate default processes?

OpenSource Ghost
DD-WRT User


Joined: 14 Feb 2022
Posts: 50

Posted: Thu Mar 07, 2024 12:19    Post subject: Does DD-WRT sandbox/contain/isolate default processes?
Some systems isolate system apps and processes from each other using sandboxes and containers for security purposes. Does DD-WRT do any of that? Does it use any kind of hardened memory allocator? CPU security mitigations? I keep thinking about GrapheneOS and whether it is possible to apply the same security hardening aspects to DD-WRT firmware. There is this nice guide here - https://madaidans-insecurities.github.io/guides/linux-hardening.html . SysCTL tweaks are easy to apply, but starting with section 2.3 (Boot Parameters) it becomes complicated, especially the parts about compiling. I'd like to know whether DD-WRT firmware supports the kind of hardening (other than simple SysCTL tweaks) mentioned in that guide.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Thu Mar 07, 2024 20:01
DDWRT is a single user system, what is the purpose of the server or computer hardening?
What sandbox are you talking about??
DDWRT is a read-only OS that contains a number of binaries and services that from their side can be vulnerable... there is no cubic isolation like or something else like... if someone takes over your router it will be very likely a very bad situation... and in all my experience with DDWRT when it happens it is very likely a setup error or drastic mistake on the user side...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1858
Location: Hung Hom, Hong Kong

Posted: Fri Mar 08, 2024 8:52    Post subject: Re: Does DD-WRT sandbox/contain/isolate default processes?
OpenSource Ghost wrote:
Some systems isolate system apps and processes from each other using sandboxes and containers for security purposes. Does DD-WRT do any of that?

You talking about Linux chroot() jail? Well, it's not that simple. Unbound DNS supports it partially. I dunno other processes.

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
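
Whether a given build isolates its default processes can be checked on the running router by reading each process's state from /proc (chroot, UID, seccomp, no_new_privs, capabilities). The script below is an added example, not part of the original posts or of DD-WRT; the function names are hypothetical, and it assumes a root shell with awk and readlink (as in BusyBox) and prints n/a for status fields the kernel does not expose.

```shell
#!/bin/sh
# Added example: per-process isolation report read from /proc.
# The optional PROC_DIR argument exists only so the functions can be
# pointed at a constructed tree instead of the live /proc.

# field FILE KEY: first value on the "KEY:" line of a status file,
# or "n/a" when the running kernel does not expose that field.
field() {
    v=$(awk -v k="$2:" '$1 == k { print $2; exit }' "$1" 2>/dev/null) || v=""
    echo "${v:-n/a}"
}

# proc_isolation PID [PROC_DIR]: one summary line for a process.
proc_isolation() {
    p="${2:-/proc}/$1"
    [ -r "$p/status" ] || return 1
    name=$(field "$p/status" Name)
    uid=$(field "$p/status" Uid)            # real UID, 0 = root
    seccomp=$(field "$p/status" Seccomp)    # 0 = off, 1 = strict, 2 = filter
    nnp=$(field "$p/status" NoNewPrivs)     # 1 = no_new_privs set
    capeff=$(field "$p/status" CapEff)      # effective capability mask
    root=$(readlink "$p/root" 2>/dev/null) || root="?"  # "/" = no chroot
    echo "$1 $name uid=$uid root=$root seccomp=$seccomp nnp=$nnp capeff=$capeff"
}

# is_unconfined PID [PROC_DIR]: true for a root process with no chroot
# and no seccomp filter.
is_unconfined() {
    line=$(proc_isolation "$@") || return 2
    case "$line" in
        *" uid=0 root=/ seccomp=0 "*|*" uid=0 root=/ seccomp=n/a "*) return 0 ;;
    esac
    return 1
}

# audit_all [PROC_DIR]: summary line for every numeric entry.
audit_all() {
    dir="${1:-/proc}"
    for d in "$dir"/[0-9]*; do
        [ -d "$d" ] || continue
        proc_isolation "${d##*/}" "$dir" || true
    done
}

# Run as "sh script.sh all" in a root shell to list every process.
if [ "${1:-}" = "all" ]; then audit_all; fi
```

A daemon that has chrooted itself shows a root other than "/", and one that has dropped privileges shows a non-zero uid and a reduced capeff mask.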