Re: How trustworthy is that I/O device?

To: Matt Thomas <matt%3am-software.com@localhost>, tech-security%netbsd.org@localhost
Subject: Re: How trustworthy is that I/O device?
From: Jean-Yves Migeon <jym%NetBSD.org@localhost>
Date: Fri, 08 Nov 2013 01:43:45 +0100

Le 06/11/2013 23:32, Matt Thomas a écrit :

On Nov 6, 2013, at 2:24 PM, Warner Losh <imp%bsdimp.com@localhost> wrote:

Panic now to prevent crazy later. If the structures are
inconsistent, then relying on underlying assumptions in the code is
so unsafe we simply can't do it at all.  How do we know that going
to read-only doesn't create some kind of excess data disclosure
path?


What I am saying is that you shouldn't trust it.  We shouldn't have
underlying assumptions in the code.  We don't in the networking code.
Treat it as if it's probably trying to cause a denial of service.
I'm saying don't panic, either forcibly unmount or treat it as
uncacheable and read-only.

This is not specific to filesystems; this argument is also valid for allpluggable systems like USB, eSATA, ... And I agree.


--
Jean-Yves Migeon

References:
- How trustworthy is that I/O device?
  - From: Erik Fair
- Re: How trustworthy is that I/O device?
  - From: Matt Thomas
- Re: How trustworthy is that I/O device?
  - From: Warner Losh
- Re: How trustworthy is that I/O device?
  - From: Matt Thomas

Prev by Date: Re: How trustworthy is that I/O device?
Next by Date: Re: How trustworthy is that I/O device?
Previous by Thread: Re: How trustworthy is that I/O device?
Next by Thread: Re: How trustworthy is that I/O device?
Indexes:

Home | Main Index | Thread Index | Old Index