Port-i386 archive


Re: Please read if you use x86 -current



On Thu Nov 13 2008 at 07:56:43 -0500, Thor Lancelot Simon wrote:
> > > I agree. Yet, some file systems could be modularized. I'm thinking  
> > > about the MSDOSFS and NTFS code. Typically, those are used only for  
> > > sparse transfers with USB-keys, e.g. Including them permanently in the  
> > > kernel is a waste of resources.
> > 
> > I strongly advocate using rump_msdos(8) and rump_ntfs(8) for mounting
> > USB media.  USB sticks typically contain an untrusted file system, and
> > it is way too easy to construct an evil file system to crash/exploit
> > your system, if you run the file system code in the kernel.
> 
> Unfortunately, this requires giving user code access to raw disks, which
> poses essentially the same set of security risks in the long term.

How exactly did you arrive at that conclusion?

> With something like Elad's (abandoned?) code that enforced exclusive use
> of potentially overlapping disks/partitions we'd be better off.

How does disk partitioning protect against vulnerabilities in file
system code?

