Re: Physical access vulnerabilities and auto-mounting

[Hanno Böck <hanno () hboeck de>]

Am Tue, 22 Feb 2011 23:17:54 -0500
schrieb Dan Rosenberg <dan.j.rosenberg () gmail com>:

> Should this be considered a vulnerability?  Probably.  But what should
> be fixed?  Should auto-mounting be disabled entirely?  Is it no longer
> a vulnerability if auto-mounting is disabled only when the screen is
> locked?  Should all filesystems have graceful error handling for every
> possible edge case that can occur when dealing with corruption?

I'd say the later one. Filesystem drivers in the kernel should more or
less be treated like just another app that is able to read some kind of
"format". If the filesystem is corrupted, it should fail without
security impact.

As others already mentioned, the impact is not limited to automounting,
but also an issue for virtualzation (and maybe other cases we don't
think of yet).

Maybe it'd be a good idea to start a big fuzzing session on filesystems?

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description: