From: "O. Hartmann"
Date: Sat, 25 Nov 2006 13:20:33 +0100
To: Scott Long
Cc: David Malone, FreeBSD Stable, "O. Hartmann"
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

Scott Long wrote:
> Kevin Oberman wrote:
>>> Date: Fri, 24 Nov 2006 15:58:39 -0700
>>> From: Scott Long
>>> Sender: owner-freebsd-stable@freebsd.org
>>>
>>> David Malone wrote:
>>>
>>>>> These two bugs are shown for FreeBSD only and I guess, Solaris and
>>>>> other BSDs still use UFS. Are they more robust against this
>>>>> exploit or type of exploit?
>>>>
>>>> I don't know of a concerted effort by anyone to improve UFS in this
>>>> way. I would guess that the odd bug would have been resolved, but
>>>> no large scale work.
>>>>
>>>> David.
>>> Another thing to keep in mind is that filesystem mounting is only
>>> available to the super-user. If a feature came along such as
>>> automatically mounting USB drives, these bugs would indeed be critical.
>>> But for now, they are not.
>>
>> Not on the base system, but Gnome 2.16 with hald running will mount a
>> removable device automatically. The standard configuration of Gnome runs
>> hald. Allowing user mounts of removable media is even formalized by the
>> addition of /media to hier(7). I'm not sure this should simply be
>> treated as not being significant.
>
> Would it be possible to restrict Gnome to only auto-mounting msdos and
> cd9660 filesystems?
>
> Scott

Sorry if my question sounds heretical, but wouldn't it be more
sophisticated to solve the problem instead of disabling everything that
could trigger the bug?

Look, on many desktop systems, USB backup drives are becoming very
common, even eSATA backup solutions. I try to use those convenient
things either in the lab or at home on my private machine. Mounting the
file system is done via amd() and automatically as the file system gets
accessed via its link point.

Oliver