Re: HFS/HFS+ are insecure
If an official procedure to disable the driver completely is documented
and hosted from an official debian server it would be, in my opinion,
an acceptable solution.
Users would have a copy-pastable procedure to disable HFS if the risk
is intolerable to them, sysadmin would have an official page to explain
why they disabled it and having users disabling a driver might add
leverage to potential effort to port this file system support out of
kernel with FUSE.
Le vendredi 21 juillet 2023 à 09:20 +0100, Matthew Garrett a écrit :
> On Thu, Jul 20, 2023 at 07:56:12PM +0200, Marco d'Itri wrote:
> > Package: src:linux
> > Severity: normal
> >
> > You are totally correct.
> > Kernel team, please blacklist HFS/HFS+ for automounting.
>
> Isn't this a userland policy decision? udisks will happily trigger a
> module load for hfsplus if udev has identified it, and I don't think
> there's a trivial mechanism for the kernel to disable that. I
> believe
> the only way for the kernel to disable automounting would be to
> disable
> the drivers entirely (which we don't want to do), so this probably
> needs
> to be assigned elsewhere rather than being a linux bug.
>
> (Or, alternatively, we could move hfs(+) support to FUSE and provide
> extremely tight seccomp policies around them, and then drop kernel
> support, but even though this has been talked about a bunch I
> haven't
> seen anyone try to implement it)
>
Reply to: