Mailinglist Archive: opensuse-factory (602 mails)

< Previous Next >
Re: [opensuse-factory][PLEASE SPEAK UP] Disabling legacy file systems by default?
On 01/02/2019 18.22, Felix Miata wrote:
Jeff Mahoney composed on 2019-01-30 12:20 (UTC-0500):

there are a number of
file systems that are uncommon, poorly maintained, and contain security
issues

Is this theoretical, or real? IOW, is "poorly maintained" a label applied
because of absence of
"maintenance" that is a result absence of changes in a filesystem that was
fully mature 20-30 years
ago and thus needs no maintenance? Are the "security issues" known, or merely
theoretical? If they
are so little used, what real likelihood is there any attempt to use for an
attack might manifest?

The attack could go like this: somebody comes with an USB stick with
such a filesystem, and he knows of an exploitable issue; the usb is
automatically mounted, and he performs the attack.

So, even though the filesystem type is little used, the attack on
anybody's machine is possible (even if that machine doesn't use the fs
at all).


Apparently some of the listed filesystems do have issues standing since
years that nobody corrects.

--
Cheers / Saludos,

Carlos E. R.
(from 15.0 x86_64 at Telcontar)

< Previous Next >
References