Hi everyone- my apologies earlier for a message sent with the From name as "Computer people". I made a mistake setting up Evolution with the Account Information/Name and Required Information/Full Name labels in English. Again, my apologies for any confusion that resulted from my mistake. Martin- I haven't seen your proposal you mentioned yesterday so it appears that everything in this thread is theoretical rather than a potentiality of an implementation. I am not suggesting that all file systems should be "fixed"- though I certainly would not complain if that was selected as a course of action, but by blacklisting some file systems the attack surface is only reduced instead of eliminated. To eliminate this risk of attack through the attack surface, I strongly recommend encapsulating the storage subsystem such that this attack surface does not exist. There are many methods of accomplishing this task, however this area lies outside of my core competencies. I would be doing the distribution a disservice by volunteering to attend to this issue. Further, I advocate for the addition of a use case where a disabled file system is mounted or detected after boot, in addition to the previously mentioned use case of a dual booted system. Best, Jim On Thu, 2019-01-31 at 22:04 +0100, Martin Wilck wrote:

On Thu, 2019-01-31 at 14:05 -0500, Jim E Bonfiglio wrote:

...

Hi Jim- I do have several horses in this race, and while it may be sensible in the near-term it does not address the underlying issue of insecure file systems regardless of their implementation.

Per my previous reply, I strongly recommend the security risk be contained so that any file system regardless of its risks/vulnerabilities can be utilized. Pretty much all file systems have had or eventually will be a security risk regardless of implementation. Addressing this risk now should prevent future issues.

So, what's your proposal for "containing the security risk", rather than the blacklisting approach? Fixing all the file systems, and keeping them maintained forever? Are you volunteering?

Regards, Martin

-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org