Mailinglist Archive: opensuse-factory (602 mails)

Re: [opensuse-factory][PLEASE SPEAK UP] Disabling legacy file systems by default?
On Fri, 1 Feb 2019 12:22:12 -0500
Felix Miata <mrmazda@xxxxxxxxxxxxx> wrote:

> Jeff Mahoney composed on 2019-01-30 12:20 (UTC-0500):
>
>> there are a number of file systems that are uncommon, poorly maintained,
>> and contain security issues
>
> Is this theoretical, or real? IOW, is "poorly maintained" a label applied
> because of absence of "maintenance" that is a result of absence of changes
> in a filesystem that was fully mature 20-30 years ago and thus needs no
> maintenance?

Oh right. Such software totally does exist.

> Are the "security issues" known, or merely theoretical?

Have you done a security audit of the code? If not then it 99.99% has
security bugs.

> If they are so little used, what real likelihood is there any attempt to
> use for an attack might manifest?

If the module is autoloaded for everyone then it is usable for an
attack even if the user never intended to use it in the first place.

Disabling the autoload makes the obscure filesystem a much less rewarding
target for an attacker, which actually improves security even for the
people who do use it.

Thanks

Michal
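
The difference the message above draws between a module that is autoloaded and one that has to be loaded deliberately, as an added example that is not part of the original message or of openSUSE's tooling. It assumes the standard modprobe.d `blacklist` and `install` directives are the mechanism; the function names and the sample module names are illustrative, not the list proposed in the thread.

```shell
#!/bin/sh
# Report whether modprobe.d-style config stops a filesystem module from being
# autoloaded on a mount attempt.
#   load-blocked      install MOD /bin/false|/bin/true: modprobe never loads it
#   autoload-blocked  blacklist MOD: alias lookups (fs-MOD, used for mount-time
#                     autoload) skip it; explicit "modprobe MOD" still works
#   autoloadable      no matching directive found

# fs_autoload_state MODULE DIR...
fs_autoload_state() {
    mod=$1; shift
    for dir in "$@"; do
        if [ -d "$dir" ]; then cat "$dir"/*.conf 2>/dev/null || :; fi
    done | awk -v m="$mod" '
        BEGIN { gsub(/-/, "_", m) }          # modprobe treats - and _ alike
        /^[ \t]*#/ { next }                  # comment line
        { name = $2; gsub(/-/, "_", name) }
        $1 == "blacklist" && name == m { bl = 1 }
        $1 == "install" && name == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { blk = 1 }
        END {
            if (blk) print "load-blocked"
            else if (bl) print "autoload-blocked"
            else print "autoloadable"
        }'
}

# Constructed sample config (assumption: illustrative module names only).
write_sample_conf() {
    printf '%s\n' '# legacy filesystems' 'blacklist hfs' \
        'install minix /bin/false' > "$1/60-sample-fs.conf"
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample_conf "$tmp"
    for fs in hfs minix ext4; do
        printf '%-6s %s\n' "$fs" "$(fs_autoload_state "$fs" "$tmp")"
    done
    rm -rf "$tmp"
}
demo
```

On a real system, pass the configuration directories instead of the sample one, for example `fs_autoload_state hfs /etc/modprobe.d /usr/lib/modprobe.d`.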
