Re: HFS/HFS+ are insecure
On Sat, Jul 22, 2023 at 10:21:47AM +0200, Jonas Smedegaard wrote:
> Quoting Matthew Garrett (2023-07-22 09:54:59)
> > On Sat, Jul 22, 2023 at 03:41:58PM +0800, Paul Wise wrote:
> > > Disabling auto-mounting and for manual GUI mounts, requesting users
> > > confirm they trust the filesystem they are mounting would avoid that
> > > as much as is reasonably possible without entirely deleting the code
> > > and without breaking the use-cases of people who need the filesystem
> > > code.
> >
> > When is a user going to plug in a USB stick and *not* click that
> > button?
>
> When the user had plugged in a coworker's phone they were asked to please
> charge.
We're a long way down the social engineering chain there - I think that
turns into a question of how many people are going to benefit from not
automounting because of that case vs the number who benefit from the
convenience under normal circumstances.