On Fri, 1 Feb 2019 12:22:12 -0500
Felix Miata
Jeff Mahoney composed on 2019-01-30 12:20 (UTC-0500):
there are a number of file systems that are uncommon, poorly maintained, and contain security issues
Is this theoretical, or real? IOW, is "poorly maintained" a label applied because of absence of "maintenance" that is a result absence of changes in a filesystem that was fully mature 20-30 years ago and thus needs no maintenance?
Oh right. Such software totally does exist.
Are the "security issues" known, or merely theoretical?
Have you done security audit of the code? If not then it 99.99% has security bugs.
If they are so little used, what real likelihood is there any attempt to use for an attack might manifest?
If the module is autoloaded for everyone then it is usable for an attack even if the user never intended to use it in the first place. Disabling the autoload makes the obscure filesystem much less rewarding target for an attacker which actually improves security even for the people who do use it. Thanks Michal -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org