[Pkg-utopia-maintainers] Bug#1041552: HFS/HFS+ are insecure
Diederik de Haas
didi.debian at cknow.org
Sun Aug 27 11:30:28 BST 2023
On Sunday, 27 August 2023 02:34:04 CEST Marco d'Itri wrote:
> So I propose this content for a file like
> /usr/lib/udev/rules.d/75-insecure-fs.rules:
>
> # Do not automatically mount these file systems because their drivers are
> # marked as "orphan" or "odd fixes" in the kernel MAINTAINERS file and so
On Sunday, 23 July 2023 02:38:41 CEST Ben Hutchings wrote:
> I agree we should not have UDisks probing for any of the (many) kernel
> filesystems that aren't being actively maintained including responding
> to security issues.
While I agree that "orphan" does mean that it is NOT actively maintained,
AFAICT the situation is a bit more blurry for "odd fixes".
Previously not knowing about that status, I looked up the commits where the
status was set to "odd fixes" and found that for some the reason was that the
maintainer didn't have the hardware to test it themselves.
I do not think that's the same as 'unmaintained'.
The main reason I looked into this was the "jffs2" entry and for that there was
no reason given. But I know it is used in routers and SBCs and I saw recently
a patch come by related to that, which was accepted so should be part of the
6.6 kernel. Doing `gitk -- fs/jffs2/` also revealed that there were commits in
6.5, 6.4 and 6.3 at which point I stopped investigating that as it was clear
to me that it was anything but unmaintained.
Looking into MAINTAINERS, I also saw that `drivers/char/hw_random/` has the
"Odd fixes" status...
I'm not sure if it would actually result in unbootable systems, but I do think
a bit more care should be taken before blacklisting modules.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20230827/defc8ee7/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list