Mailinglist Archive: opensuse-factory (602 mails)

Re: [opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
Hi everyone- my apologies earlier for a message sent with the From name
as "Computer people". I made a mistake setting up Evolution with the
Account Information/Name and Required Information/Full Name labels in
English. Again, my apologies for any confusion that resulted from my
mistake.

Martin- I haven't seen your proposal you mentioned yesterday so it
appears that everything in this thread is theoretical rather than a
potentiality of an implementation. I am not suggesting that all file
systems should be "fixed"- though I certainly would not complain if
that was selected as a course of action, but by blacklisting some file
systems the attack surface is only reduced instead of eliminated.

To eliminate this risk of attack through the attack surface, I strongly
recommend encapsulating the storage subsystem such that this attack
surface does not exist. There are many methods of accomplishing this
task, however this area lies outside of my core competencies. I would
be doing the distribution a disservice by volunteering to attend to
this issue.

Further, I advocate for the addition of a use case where a disabled
file system is mounted or detected after boot, in addition to the
previously mentioned use case of a dual booted system.


Best, Jim




On Thu, 2019-01-31 at 22:04 +0100, Martin Wilck wrote:
> On Thu, 2019-01-31 at 14:05 -0500, Jim E Bonfiglio wrote:
> > Hi Jim- I do have several horses in this race, and while it may be
> > sensible in the near-term it does not address the underlying issue of
> > insecure file systems regardless of their implementation.
> >
> > Per my previous reply, I strongly recommend the security risk be
> > contained so that any file system regardless of its
> > risks/vulnerabilities can be utilized. Pretty much all file systems
> > have had or eventually will be a security risk regardless of
> > implementation. Addressing this risk now should prevent future
> > issues.
>
> So, what's your proposal for "containing the security risk", rather
> than the blacklisting approach? Fixing all the file systems, and
> keeping them maintained forever? Are you volunteering?
>
> Regards,
> Martin


