LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openwrt

openwrt

Posted Mar 6, 2008 22:47 UTC (Thu) by tetromino (subscriber, #33846)
In reply to: openwrt by ssam
Parent article: Authentication bypass in routers 

Yes, by virtue of not including any kind of web interface :)

(Log in to post comments)

openwrt

Posted Mar 7, 2008 0:59 UTC (Fri) by afalko (subscriber, #37028) [Link] 

Correct me if I am wrong, but openwrt does come with an interface --- at least when I tried it
two years ago. The difference I guess is that openwrt authenticates via apache (also correct
me if I wrong; my memory from two years ago is probably butchered up by now) or you can make
it authenticate via apache :).

openwrt

Posted Mar 7, 2008 1:29 UTC (Fri) by tetromino (subscriber, #33846) [Link]

Openwrt never used apache. The historical "White Russian" versions of openwrt (all those released before spring 2007) included a web interface that was implemented in shell script. Frankly, I would be surprised if the thing had no security issues.

However, modern "Kamikaze" releases of openwrt have no web interface at all; you configure them by ssh'ing in and editing config files, just like on a normal Linux server.

openwrt

Posted Mar 7, 2008 13:48 UTC (Fri) by jengelh (subscriber, #33263) [Link] 

There is X-Wrt/webif² built ontop of OpenWRT/Kamikaze — and it uses HTTP Authentication with
cookies. All good.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds