[Pkg-utopia-maintainers] Bug#1041552: HFS/HFS+ are insecure
Michael Biebl
biebl at debian.org
Wed Jan 10 18:20:16 GMT 2024
On Sun, 27 Aug 2023 02:34:04 +0200 Marco d'Itri <md at Linux.IT> wrote:
> Control: reassign -1 udisks2
> Control: retitle -1 do not mount automatically unmaintained file systems
>
> On Jul 20, md wrote:
>
> > You are totally correct.
> > Kernel team, please blacklist HFS/HFS+ for automounting.
> As discussed on debian-devel@, this policy should not be handled by the
> kernel because module autoloading of file system drivers should not be
> disabled.
>
> So I propose this content for a file like
> /usr/lib/udev/rules.d/75-insecure-fs.rules:
>
> # Do not automatically mount these file systems because their drivers are
> # marked as "orphan" or "odd fixes" in the kernel MAINTAINERS file and so
> # are more at risk of having security-sensitive defects which could be
> # exploited by a crafted file system.
> SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end"
>
> ENV{ID_FS_TYPE}=="affs", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="ecryptfs", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="efs", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="hfs", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="hfsplus", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="jffs2", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="jfs", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="qnx6", ENV{UDISKS_AUTO}="0"
> ENV{ID_FS_TYPE}=="sysv", ENV{UDISKS_AUTO}="0"
>
> LABEL="udisks_insecure_fs_end"
I asked udisks upstream for their input, see
https://github.com/storaged-project/udisks/issues/1239
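The comment in the proposed rules ties the list to the "orphan" and "odd fixes" statuses in the kernel MAINTAINERS file. As an added example (not part of the original thread or of udisks), this Python script regenerates such a rules file from MAINTAINERS-style entries; the sample entries are constructed, and it assumes the `fs/<name>/` directory name equals the `ID_FS_TYPE` value, which has to be checked per driver.

```python
import re

# Constructed excerpt in the layout of the kernel MAINTAINERS file; the
# entries and their statuses are sample data, not copied from a kernel tree.
SAMPLE_MAINTAINERS = """\
HFS FILESYSTEM
S:\tOrphan
F:\tfs/hfs/

JFS FILESYSTEM
S:\tOdd Fixes
F:\tfs/jfs/

EXT4 FILE SYSTEM
S:\tMaintained
F:\tfs/ext4/

EXAMPLE SERIAL DRIVER
S:\tOrphan
F:\tdrivers/tty/example.c
"""

RISKY_STATUSES = ("orphan", "odd fixes")
FS_DIR = re.compile(r"^fs/([a-z0-9_]+)/$")  # assumption: directory name == ID_FS_TYPE

def parse_entries(text):
    """Yield (title, {field letter: [values]}) for each blank-line separated entry."""
    for block in re.split(r"\n\s*\n", text.strip()):
        title, *rest = block.splitlines()
        fields = {}
        for line in rest:
            m = re.match(r"^([A-Z]):\s*(.+)$", line)
            if m:
                fields.setdefault(m.group(1), []).append(m.group(2).strip())
        yield title.strip(), fields

def risky_fs_types(text):
    """Return sorted fs/<name>/ drivers whose S: status is orphan or odd fixes."""
    found = set()
    for _title, fields in parse_entries(text):
        status = " ".join(fields.get("S", [])).lower()
        if any(r in status for r in RISKY_STATUSES):
            found.update(m.group(1) for p in fields.get("F", []) if (m := FS_DIR.match(p)))
    return sorted(found)

def render_rules(fs_types):
    """Render rules in the layout proposed in the quoted message."""
    body = [f'ENV{{ID_FS_TYPE}}=="{t}", ENV{{UDISKS_AUTO}}="0"' for t in fs_types]
    return "\n".join(['SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end"', "",
                      *body, "", 'LABEL="udisks_insecure_fs_end"']) + "\n"
```

Entries outside `fs/` are ignored even when orphaned, so the output only ever names file system drivers.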