:: Re: [DNG] gvfs depends on libsystem…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Adam Borowski
Date:  
À: dng
Sujet: Re: [DNG] gvfs depends on libsystemd0
On Sun, Apr 09, 2017 at 10:39:28PM +0000, Daniel Abrecht wrote:
> On 04/09/2017 08:01 PM, Steve Litt wrote:
> > On Sun, 09 Apr 2017 08:24:15 +0200
> > Joachim Fahrner <jf@???> wrote:
> >> without gvfs PCmanFM does not mount external usb drives
> >
> > Somewhere back in the archives I submitted a shellscript to
> > automatically mount thumb drives without a file manager.
>
> I think automatically mounting thumb drives is very different from
> mounting them when I klick on them in my file manager. Things like
> automatically mounting removable medias or even auto starting
> applications, I don't want that. What if I want to rescue a faulty
> thumb drives for example, automatically mounting it would could
> damage it even further. I think that Linux doesn't do or change things
> on it's own like Windows used to be a big strength of it.


Automatically mounting is a security hole. Last millenium, I've found a
kernel crasher in something as primitive as vfat upon mounting a tainted
floppy -- a looped directory was enough to kill Linux 2.0.30 and Win95.

Since then, security of filesystem drivers has vastly improved, but so has
complexity of filesystems. FAT is _trivial_ compared to anything modern.
I see no way even a maintained filesystem to be 100% resilient against DoS
by mounting a crafted volume -- and there's a good chance there'll be
arbitrary code execution as well. Unlike network code that's carefully
written to be secure, at considerable efficiency cost, no one really bothers
for this with filesystems. And even if someone did, it takes just one buggy
filesystem -- Debian/Devuan kernels enable support for such dubious stuff as
hfs or qnx4.

I also can't recall ever connecting a "data" USB thingy to an Unix box --
and I have an USB stick and two SD readers on my desk right now; it's all
installer media, ARM SoC disks, etc. Nothing for non-root to look at.

I don't think a regular user has any reason to mount a fancy filesystem.


--
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!