Re: HFS/HFS+ are insecure
- To: debian-devel@lists.debian.org
- Subject: Re: HFS/HFS+ are insecure
- From: Matthew Garrett <mjg59@srcf.ucam.org>
- Date: Fri, 21 Jul 2023 09:20:12 +0100
- Message-id: <[🔎] 20230721082012.GA19433@srcf.ucam.org>
- In-reply-to: <[🔎] ZLl1PLU938klkucC@bongo.bofh.it>
- References: <CAHk-=wi8XyAUF9_z6-oa4Ava6PVZeE-=TVNcFK1puQHpOtqLLw@mail.gmail.com> <ab7a9477-ddc7-430f-b4ee-c67251e879b0@app.fastmail.com> <2575F983-D170-4B79-A6BA-912D4ED2CC73@dubeyko.com> <46F233BB-E587-4F2B-AA62-898EB46C9DCE@dubeyko.com> <Y7bw7X1Y5KtmPF5s@casper.infradead.org> <50D6A66B-D994-48F4-9EBA-360E57A37BBE@dubeyko.com> <CACT4Y+aJb4u+KPAF7629YDb2tB2geZrQm5sFR3M+r2P1rgicwQ@mail.gmail.com> <ZLlvII/jMPTT32ef@casper.infradead.org> <2d0bd58fb757e7771d13f82050a546ec5f7be8de.camel@physik.fu-berlin.de> <[🔎] ZLl1PLU938klkucC@bongo.bofh.it>
On Thu, Jul 20, 2023 at 07:56:12PM +0200, Marco d'Itri wrote:
> Package: src:linux
> Severity: normal
>
> You are totally correct.
> Kernel team, please blacklist HFS/HFS+ for automounting.
Isn't this a userland policy decision? udisks will happily trigger a
module load for hfsplus if udev has identified it, and I don't think
there's a trivial mechanism for the kernel to disable that. I believe
the only way for the kernel to disable automounting would be to disable
the drivers entirely (which we don't want to do), so this probably needs
to be assigned elsewhere rather than being a linux bug.
(Or, alternatively, we could move hfs(+) support to FUSE and provide
extremely tight seccomp policies around them, and then drop kernel
support, but even though this has been talked about a bunch I haven't
seen anyone try to implement it)
Reply to: