Mailinglist Archive: opensuse-factory (602 mails)

< Previous Next >
Re: [opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
Hi Jim,

Am 01.02.19 um 18:42 schrieb Jim E Bonfiglio:
Per my previous reply to Martin Wilck, I would not complain should all
file systems be "made secure" however I don't think that is necessary
as all file systems have already had or willl very likely have in the
future a security vulnerability discovered such that work becomes
necessary to correct the vulnerability.

The file systems discussed here for blacklisting are rather obscure
fringe use cases, and as such they have only relatively few users (*and
developers*) who will be willing and able to fix such problems.

All the "big" file systems are actively maintained and get regular
reviews, audits and fixes from upstream. That's the difference.

In lieu of addressing each
insecure file systems through correction or disablement, the attack
surface could be eliminated instead vis-à-vis some sort of virtualized
layer between the subsystem and its connecting components.

Go ahead and do that. Do not talk about it. Do it.
And make sure it performs well and gets accepted upstream.

This mailing list is not really the correct place to discuss redesigning
the Linux Kernel VFS layer.

In lieu of a virtualized layer between the subsystem and its connecting
components, I suppose disabling the file systems would eliminate the
current risk, but does not address future risk to any sort of CVE
bulletin or other discovery regarding file system vulnerability. I
strongly recommend addressing the root cause of this attack surface
rather than reducing the size of the surface itself.

Do it.
And make sure it performs well and gets accepted upstream.

There is a reason the Linux Kernel is implemented as it is. Textbooks
often say that it should be done different. But still the Linux Kernel
is quite a success story.

(my signature quote fits surprisingly well today :)
--
Stefan Seyfried

"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
Follow Ups