
Re: HFS/HFS+ are insecure



On Fri, 2023-07-21 at 10:28 +0000, Bastien Roucariès wrote:

> Long term solution will be to push under fuse these filesystems.
> This is a (short term)/(medium term band aid) solution.

That still potentially exposes insecure code to untrusted data, just in
a user context rather than a kernel context. The same goes for uml +
fuse + namespaces, and even guestfs VMs. You can move the data and code
to different contexts, but that doesn't change the fundamental issue.

Disabling auto-mounting and, for manual GUI mounts, requesting users
confirm they trust the filesystem they are mounting would avoid that as
much as is reasonably possible without entirely deleting the code and
without breaking the use-cases of people who need the filesystem code.

Of course sandboxing the code for those who need it is good too, so
probably we need both, along with ways to disable the mitigations.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
