Mailinglist Archive: opensuse-factory (633 mails)

< Previous Next >
[opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Thu, 31 Jan 2019 22:14:21 -0000 (UTC)
  • Message-id: <q2vrvt$5dus$1@blaine.gmane.org>
On Thu, 31 Jan 2019 16:45:07 -0500, Jeff Mahoney wrote:

I think there's a misunderstanding here. The OS/2 modules aren't loaded
on millions of installations where it isn't needed. The autoloading
stuff doesn't load all of the file system modules -- it autoloads
modules as they're needed. The problem is that they can be triggered by
events that the admin generally wants to allow, like inserting a USB
device or allowing users to mount file systems manually (e.g.
singularity, or in containers). So say you have an unprivileged user
craft an hpfs file system that exploits a lack of input validation and
it escalates into privileged access.

Thanks for the clarification - that makes sense to me.

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >