tech-security archive


Re: How trustworthy is that I/O device?



On 06/11/2013 23:32, Matt Thomas wrote:
> On Nov 6, 2013, at 2:24 PM, Warner Losh <imp%bsdimp.com@localhost> wrote:
>> Panic now to prevent crazy later. If the structures are
>> inconsistent, then relying on underlying assumptions in the code is
>> so unsafe we simply can't do it at all.  How do we know that going
>> to read-only doesn't create some kind of excess data disclosure
>> path?
>
> What I am saying is that you shouldn't trust it.  We shouldn't have
> underlying assumptions in the code.  We don't in the networking code.
> Treat it as if it's probably trying to cause a denial of service.
> I'm saying don't panic, either forcibly unmount or treat it as
> uncacheable and read-only.

This is not specific to filesystems; this argument is also valid for all pluggable systems like USB, eSATA, ... And I agree.

--
Jean-Yves Migeon

