Control: reassign -1 udisks2
Control: retitle -1 do not mount automatically unmaintained file systems
On Jul 20, md wrote:
> You are totally correct.
> Kernel team, please blacklist HFS/HFS+ for automounting.
As discussed on debian-devel@, this policy should not be handled by the
kernel because module autoloading of file system drivers should not be
disabled.
So I propose this content for a file like
/usr/lib/udev/rules.d/75-insecure-fs.rules:
# Do not automatically mount these file systems because their drivers are
# marked as "orphan" or "odd fixes" in the kernel MAINTAINERS file and so
# are more at risk of having security-sensitive defects which could be
# exploited by a crafted file system.
SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end"
ENV{ID_FS_TYPE}=="affs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="ecryptfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="efs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfsplus", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jffs2", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="qnx6", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="sysv", ENV{UDISKS_AUTO}="0"
LABEL="udisks_insecure_fs_end"
--
ciao,
Marco
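
Added example, not part of the original message or of udisks2: a minimal Python evaluator for the subset of udev syntax the proposed rules use (==, !=, ENV{} assignment, GOTO/LABEL), run over constructed device properties to check which devices end up with UDISKS_AUTO=0. It assumes exact string comparison, whereas real udev treats match values as glob patterns; the helper names are hypothetical.

```python
import re

# Rules copied from the message above (comment lines omitted).
RULES = '''\
SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end"
ENV{ID_FS_TYPE}=="affs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="ecryptfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="efs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfsplus", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jffs2", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="qnx6", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="sysv", ENV{UDISKS_AUTO}="0"
LABEL="udisks_insecure_fs_end"
'''
# One KEY, optional {attribute}, an operator, and a quoted value.
TOKEN = re.compile(r'\s*([A-Z_]+(?:\{[^}]+\})?)\s*(==|!=|=)\s*"([^"]*)"\s*')

def parse(text):
    """Turn each non-comment line into a list of (key, op, value) tokens."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [[TOKEN.fullmatch(t).groups() for t in l.split(",")] for l in lines]

def lookup(key, props):
    # ENV{X} reads property X; a bare key such as SUBSYSTEM is read directly.
    m = re.fullmatch(r"ENV\{(.+)\}", key)
    return props.get(m.group(1) if m else key, "")

def apply_rules(rules, device):
    """Return the device properties after the rules ran, honouring GOTO/LABEL."""
    props, skip_to = dict(device), None
    for rule in rules:
        label = next((v for k, _, v in rule if k == "LABEL"), None)
        if skip_to or label:
            if label == skip_to:
                skip_to = None          # reached the GOTO target, resume matching
            continue
        if all((lookup(k, props) == v) == (op == "==") for k, op, v in rule if op != "="):
            for k, op, v in rule:
                if op == "=" and k == "GOTO":
                    skip_to = v
                elif op == "=" and k.startswith("ENV{"):
                    props[k[4:-1]] = v
    return props

def automount_blocked(device):
    return apply_rules(parse(RULES), device).get("UDISKS_AUTO") == "0"

if __name__ == "__main__":  # constructed sample devices
    for fs in ("hfsplus", "ext4"):
        print(fs, automount_blocked({"SUBSYSTEM": "block", "ID_FS_TYPE": fs}))
```

On a real system the same check is made by reading the UDISKS_AUTO property with udevadm info --query=property for the block device in question.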