tech-security archive


Re: Please read if you use x86 -current



On Thu, Nov 13, 2008 at 11:50:20AM +0200, Antti Kantee wrote:
> On Thu Nov 13 2008 at 10:22:43 +0100, vincent wrote:
> > 
> > On 13 Nov. 08 at 10:15, Andrew Doran wrote:
> > 
> > >Every system must have those so there is no big incentive to modularize
> > >them.
> > 
> > I agree. Yet, some file systems could be modularized. I'm thinking  
> > about the MSDOSFS and NTFS code. Typically, those are used only for  
> > sparse transfers with USB-keys, e.g. Including them permanently in the  
> > kernel is a waste of resources.
> 
> I strongly advocate using rump_msdos(8) and rump_ntfs(8) for mounting
> USB media.  USB sticks typically contain an untrusted file system, and
> it is way too easy to construct an evil file system to crash/exploit
> your system, if you run the file system code in the kernel.

Unfortunately, this requires giving user code access to raw disks, which
poses essentially the same set of security risks in the long term.

With something like Elad's (abandoned?) code that enforced exclusive use
of potentially overlapping disks/partitions we'd be better off.

-- 
Thor Lancelot Simon                                        
tls%rek.tjls.com@localhost
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper

