svn commit: r298664 - head/sys/fs/msdosfs

Pedro Giffuni pfg at FreeBSD.org
Tue Apr 26 22:30:27 UTC 2016



On 04/26/16 16:17, Conrad Meyer wrote:
> On Tue, Apr 26, 2016 at 2:13 PM, Adrian Chadd <adrian.chadd at gmail.com> wrote:
>> You mean "hotplug mount a malicious USB disk via some installed
>> graphical environment?"
>>
>> No one does that... :)
>
> Sure, but there the vulnerability is (IMO) that users are allowed to
> arbitrarily mount stuff.  That's a huge attack surface and this fix
> only scratches the surface.
>

This is a plain bug, it may be nasty but not really a security
vulnerability.

If you give physical access to your system to an attacker you
probably have bigger problems than this.

> We do need to make filesystems more resilient to malice.  AFL?
>

That is a good idea.

For reference:

https://lwn.net/Articles/637151/

Cheers,

Pedro.

