On 01/02/2019 18.22, Felix Miata wrote:
Jeff Mahoney composed on 2019-01-30 12:20 (UTC-0500):
there are a number of file systems that are uncommon, poorly maintained, and contain security issues
Is this theoretical, or real? IOW, is "poorly maintained" a label applied because of absence of "maintenance" that is a result absence of changes in a filesystem that was fully mature 20-30 years ago and thus needs no maintenance? Are the "security issues" known, or merely theoretical? If they are so little used, what real likelihood is there any attempt to use for an attack might manifest?
The attack could go like this: somebody comes with an USB stick with such a filesystem, and he knows of an exploitable issue; the usb is automatically mounted, and he performs the attack. So, even though the filesystem type is little used, the attack on anybody's machine is possible (even if that machine doesn't use the fs at all). Apparently some of the listed filesystems do have issues standing since years that nobody corrects. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)