Hi Simon-

I would challenge you to examine the feasibility of such a containment across the entirety of the storage subsystem as this ought to be a significant value add to SLES customers, not to mention openSUSE users. As far as I'm aware it is not necessary to disable features of a subsystem to eliminate its attack surface.

Per my previous reply to Martin Wilck, I would not complain should all file systems be "made secure"; however, I don't think that is necessary, as all file systems have already had or will very likely have in the future a security vulnerability discovered such that work becomes necessary to correct the vulnerability.

In lieu of addressing each insecure file system through correction or disablement, the attack surface could be eliminated instead vis-à-vis some sort of virtualized layer between the subsystem and its connecting components. In lieu of a virtualized layer between the subsystem and its connecting components, I suppose disabling the file systems would eliminate the current risk, but does not address future risk to any sort of CVE bulletin or other discovery regarding file system vulnerability.

I strongly recommend addressing the root cause of this attack surface rather than reducing the size of the surface itself.

Best, Jim

On Fri, 2019-02-01 at 17:22 +1030, Simon Lees wrote:
On 01/02/2019 05:35, Jim E Bonfiglio wrote:
Hi Jim- I do have several horses in this race, and while it may be sensible in the near-term it does not address the underlying issue of insecure file systems regardless of their implementation.
Per my previous reply, I strongly recommend the security risk be contained so that any file system regardless of its risks/vulnerabilities can be utilized. Pretty much all file systems have been or eventually will be a security risk regardless of implementation. Addressing this risk now should prevent future issues.
Best, Jim
Such a containment across every filesystem is likely not possible, otherwise we would already have it; the maintainers of the subsystem care about it enough to make it as secure as possible. Likely, to remove attack surfaces across the whole subsystem you'd have to start disabling features that people care about and use. The only software with no attack surfaces is a piece of software not capable of doing anything.
Fixing the issues in existing implementations takes time and effort; clearly no one is stepping up to do this on older filesystems, and seeing as they don't have a business case for it, SUSE is also not investing in such fixes and as such is disabling such filesystems. I think in this case openSUSE would be wise to adopt the same practices (unless someone mysteriously shows up in the community willing to work on addressing the existing issues).
--
Simon Lees (Simotek) http://simotek.net
Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B