Date: Tue, 10 Jun 2003 03:38:30 -0700
From: David Schultz
To: Robert Watson
Cc: security@FreeBSD.ORG
Subject: Re: Removable media security in FreeBSD
Message-ID: <20030610103830.GC14407@HAL9000.homeunix.com>
References: <20030608080429.GA234@hhos.serious.ld>

On Sun, Jun 08, 2003, Robert Watson wrote:
> On the "SECURE" front -- well, it depends a bit on how robust our file
> system support is. Bad UFS file systems can cause the FreeBSD kernel to
> behave improperly, since it's assumed that file systems will be clean or
> explicitly checked before mounting. I've never really experimented much
> with our FAT file system support to see how robust it is; we have a
> 5.2-RELEASE TODO list item to merge some robustness improvements from the
> Darwin implementation back into FreeBSD, which suggests our implementation
> could be improved on :-).

FAT is somewhat less robust than UFS. In particular, its handling
of media errors can lead to a tight loop in at least one place and
a null pointer dereference in another. Improvements from Darwin
would be much appreciated. I would be interested in knowing the
licensing issues involved, if any.