Date: Tue, 26 Apr 2016 16:36:32 -0500 From: Pedro Giffuni <pfg@FreeBSD.org> To: cem@FreeBSD.org Cc: Kristof Provost <kp@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs Message-ID: <36e8fe15-2b0f-6d50-92ca-84f29d70df20@FreeBSD.org> In-Reply-To: <CAG6CVpVfOvV6z3WD3USN3W%2Bt7DYw3usB36QLNfTpo4RxoaSRcA@mail.gmail.com> References: <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> <CAG6CVpUxSrBZJ9GkpBrHCK12c%2BeWmP%2BnuQaoiKcN%2B%2BkTuvm2dA@mail.gmail.com> <CAJ-Vmo=42xj-G5hcV6ZHcr=BdnyV-R2y1HDbpJ3gmxyyMBdg4Q@mail.gmail.com> <CAG6CVpVfOvV6z3WD3USN3W%2Bt7DYw3usB36QLNfTpo4RxoaSRcA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/26/16 16:17, Conrad Meyer wrote: > On Tue, Apr 26, 2016 at 2:13 PM, Adrian Chadd <adrian.chadd@gmail.com> wrote: >> You mean "hotplug mount a malicious USB disk via some installed >> graphical enviornment?" >> >> NOone does that... :) > > Sure, but there the vulnerability is (IMO) that users are allowed to > arbitrarily mount stuff. That's a huge attack surface and this fix > only scratches the surface. > This is a plain bug, it may be nasty but not really a security vulnerability. If you give physical access to your system to an attacker you probably have bigger problems than this. > We do need to make filesystems more resilient to malice. AFL? > That is a good idea. For reference: https://lwn.net/Articles/637151/ Cheers, Pedro.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36e8fe15-2b0f-6d50-92ca-84f29d70df20>