On Thu, 31 Jan 2019 16:45:07 -0500, Jeff Mahoney wrote:
I think there's a misunderstanding here. The OS/2 modules aren't loaded on millions of installations where it isn't needed. The autoloading stuff doesn't load all of the file system modules -- it autoloads modules as they're needed. The problem is that they can be triggered by events that the admin generally wants to allow, like inserting a USB device or allowing users to mount file systems manually (e.g. singularity, or in containers). So say you have an unprivileged user craft an hpfs file system that exploits a lack of input validation and it escalates into privileged access.
Thanks for the clarification - that makes sense to me. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org