Quoting Adam Borowski (kilobyte@???):
> Then there are local exploits. Ted Ts'o for example keeps fuzzing ext4 for
> years yet exploitable bugs still pop up frequently -- usually just DoS but
> arbitrary code execution isn't unheard of.
I've read a lot of e2fsprogs CVEs, and cannot recall any ever having
been _proved exploitable_ to allow arbitrary code execution. In a
number of cases, there have been bugs, generally buffer overflows, that
in theory could _possibly_ lead to arbitrary code execution that in
theory might exploit privileged code such as e2fsprogs mount code, thus
in theory possibly supporting privilege escalation.
Where I'm pretty sure you are massively exaggerating is by eliding the
necessary qualifiers 'in theory' and 'possibly' and claiming observed
paths to arbitrary code execution (leveraging privileged routines).
There is a gaping hole between 'buffer overflow that someone might
eventually figure out how to do bad things with' and 'arbitrary code
execution'.
If we're going to have realistic discussions of security on Dng, it
would help to forego 'Bad things are possible, ergo doomsday just
happened' rhetoric.
Concur that USB is a security Typhoid Mary. I would dearly love to see
hardware devices enforcing USB class identities on connected devices, so
that, say, a USB key drive can claim all it wants to be a USB HID-class
device rather than UMS-class, but isn't believed. Short of that, I'm
just really careful what hardware I permit.
Attacks relying on USB devices masquerading as a different class come up
fairly often on Schneier's blog, e.g.,
https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html
--
Cheers,
Rick Moen
rick@???
McQ! (4x80)

"I am a member of a civilization (IAAMOAC). Step back from anger. Study how awful our ancestors had it, yet they struggled to get you here. Repay them by appreciating the civilization you inherited." -- David Brin
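The "don't believe a key drive that claims to be a keyboard" idea above can be approximated in software on a Linux host. The following is an added example, not code from the post or from any project named in it: each known (idVendor, idProduct) pair is allowed a fixed set of USB interface classes, and a device whose descriptors advertise anything outside that set, or that is not on the list at all, is refused. The device list, the flat dump format and the sample devices are constructed for the example (real sysfs exposes one directory per interface under /sys/bus/usb/devices/); the per-device `authorized` attribute the output refers to is a real kernel interface.

```python
"""USB interface-class allow-list check (added example, not from the post).

Each known device is permitted a fixed set of USB interface classes; a device
whose descriptors advertise anything else is refused.  On Linux the refusal can
be applied through the per-device ``authorized`` attribute under
/sys/bus/usb/devices/<port>/.  The dump format, sample devices and allow-list
below are constructed for this example.
"""
from dataclasses import dataclass

# USB-IF interface class codes used in this example
CLASS_HID = 0x03           # keyboards, mice
CLASS_MASS_STORAGE = 0x08  # "UMS" / key drives


@dataclass(frozen=True)
class UsbDevice:
    port: str                  # e.g. "1-4" (bus 1, port 4)
    vendor_id: int
    product_id: int
    interface_classes: tuple   # bInterfaceClass of every interface advertised


# Constructed sample: one line per device, interface classes comma separated.
SAMPLE_DUMP = """\
1-2 idVendor=0781 idProduct=5567 bInterfaceClass=08
1-3 idVendor=046d idProduct=c31c bInterfaceClass=03
1-4 idVendor=0781 idProduct=5567 bInterfaceClass=08,03
1-5 idVendor=1234 idProduct=abcd bInterfaceClass=03
"""

# Hypothetical allow-list: (idVendor, idProduct) -> classes the device may present
POLICY = {
    (0x0781, 0x5567): frozenset({CLASS_MASS_STORAGE}),  # a plain key drive
    (0x046d, 0xc31c): frozenset({CLASS_HID}),           # a known keyboard
}


def parse_dump(text):
    """Parse the constructed dump format into UsbDevice records."""
    devices = []
    for line in text.splitlines():
        if not line.strip():
            continue
        port, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        classes = tuple(int(c, 16) for c in kv["bInterfaceClass"].split(","))
        devices.append(UsbDevice(port, int(kv["idVendor"], 16),
                                 int(kv["idProduct"], 16), classes))
    return devices


def decide(dev, policy=POLICY):
    """Return (authorized, reason).  Unknown devices and class mismatches are refused."""
    allowed = policy.get((dev.vendor_id, dev.product_id))
    if allowed is None:
        return False, "not on allow-list"
    unexpected = set(dev.interface_classes) - allowed
    if unexpected:
        names = ", ".join("0x%02x" % c for c in sorted(unexpected))
        return False, "advertises class(es) not permitted for this device: " + names
    return True, "ok"


def authorization_command(dev, authorized):
    """Shell line that would apply the decision via the kernel's per-device 'authorized' attribute."""
    return "echo %d > /sys/bus/usb/devices/%s/authorized" % (1 if authorized else 0, dev.port)


def evaluate(text, policy=POLICY):
    """Map port -> (authorized, reason) for every device in the dump."""
    return {d.port: decide(d, policy) for d in parse_dump(text)}


if __name__ == "__main__":
    for dev in parse_dump(SAMPLE_DUMP):
        ok, why = decide(dev)
        print("%s %04x:%04x %-5s %s   # %s" % (
            dev.port, dev.vendor_id, dev.product_id,
            "ALLOW" if ok else "DENY", why, authorization_command(dev, ok)))
```

The device on port 1-4 is the interesting one: it carries the vendor/product IDs of the whitelisted key drive but additionally advertises an HID interface, so it is refused. For the refusal to matter, the bus's `authorized_default` would be set to 0 so that newly attached devices stay unbound until this check accepts them; that setting is outside the example. The check only reads what the device declares about itself, so a device that also forges the IDs of an allow-listed keyboard is not caught, which is exactly why the post asks for enforcement in hardware rather than in host software.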