Mailinglist Archive: opensuse-factory (602 mails)

< Previous Next >
Re: [opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?


On 01/02/2019 05:35, Jim E Bonfiglio wrote:
Hi Jim- I do have several horses in this race, and while it may be
sensible in the near-term it does not address the underlying issue of
insecure file systems regardless of their implementation.

Per my previous reply, I strongly recommend the security risk be
contained so that any file system regardless of its
risks/vulnerabilities can be utilized. Pretty much all file systems
have had or eventually will be a security risk regardless of
implementation. Addressing this risk now should prevent future issues.


Best, Jim


Such a containment across every filesystem is likely not possible
otherwise we would already have it, the maintainers of the subsystem
care about it enough to make it as secure as possible, likely to remove
attack surfaces across the whole subsystem you'd have to start disabling
features that people care about and use. The only software with no
attack surfaces is a piece of software not capable of doing anything.

Fixing the issues in existing implementations takes time and effort
clearly no one is stepping up to do this on older filesystems and seen
as they don't have a business case for it SUSE is also not investing in
such fixes and as such is disabling such filesystems. I think in this
case openSUSE would be wise to adopt the same practices (unless someone
misteriously shows up in the community willing to work on addressing the
existing issues).

--

Simon Lees (Simotek) http://simotek.net

Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
Follow Ups