Your message dated Thu, 04 Jul 2024 05:42:05 +0000
with message-id <e1spfel-000kxl...@fasolo.debian.org>
and subject line Bug#1041552: fixed in udisks2 2.10.1-8
has caused the Debian Bug report #1041552,
regarding do not mount automatically unmaintained file systems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Severity: normal

You are totally correct.
Kernel team, please blacklist HFS/HFS+ for automounting.

On Jul 20, John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> wrote:

> Hello!
> 
> On Thu, 2023-07-20 at 18:30 +0100, Matthew Wilcox wrote:
> > On Thu, Jul 20, 2023 at 05:27:57PM +0200, Dmitry Vyukov wrote:
> > > On Thu, 5 Jan 2023 at 17:45, Viacheslav Dubeyko <sl...@dubeyko.com> wrote:
> > > > > On Wed, Jan 04, 2023 at 08:37:16PM -0800, Viacheslav Dubeyko wrote:
> > > > > > Also, as far as I can see, available volume in report (mount_0.gz) 
> > > > > > somehow corrupted already:
> > > > > 
> > > > > Syzbot generates deliberately-corrupted (aka fuzzed) filesystem images.
> > > > > So basically, you can't trust anything you read from the disc.
> > > > > 
> > > > 
> > > > If the volume has been deliberately corrupted, then no guarantee that
> > > > file system driver will behave nicely. Technically speaking, inode
> > > > write operation should never happen for corrupted volume because the
> > > > corruption should be detected during b-tree node initialization time.
> > > > If we would like to achieve such nice state of HFS/HFS+ drivers, then
> > > > it requires a lot of refactoring/implementation efforts. I am not sure
> > > > that it is worth to do because not so many guys really use HFS/HFS+ as
> > > > the main file system under Linux.
> > > 
> > > 
> > > Most popular distros will happily auto-mount HFS/HFS+ from anything
> > > inserted into USB (e.g. what one may think is a charger). This creates
> > > interesting security consequences for most Linux users.
> > > An image may also be corrupted non-deliberately, which will lead to
> > > random memory corruptions if the kernel trusts it blindly.
> > 
> > Then we should delete the HFS/HFS+ filesystems.  They're orphaned in
> > MAINTAINERS and if distros are going to do such a damnfool thing,
> > then we must stop them.
> 
> Both HFS and HFS+ work perfectly fine. And if distributions or users are so
> sensitive about security, it's up to them to blacklist individual features
> in the kernel.
> 
> Both HFS and HFS+ have been the default filesystem on MacOS for 30 years
> and I don't think it's justified to introduce such a hard compatibility
> breakage just because some people are worried about theoretical evil
> maid attacks.
> 
> HFS/HFS+ is mandatory if you want to boot Linux on a classic Mac or PowerMac
> and I don't think it's okay to break all these systems running Linux.
> 
> Thanks,
> Adrian
> 
> -- 
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer
> `. `'   Physicist
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

-- 
ciao,
Marco



--- End Message ---
--- Begin Message ---
Source: udisks2
Source-Version: 2.10.1-8
Done: Michael Biebl <bi...@debian.org>

We believe that the bug you reported is fixed in the latest version of
udisks2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated udisks2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 Jul 2024 19:00:16 +0200
Source: udisks2
Architecture: source
Version: 2.10.1-8
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Closes: 1041552
Changes:
 udisks2 (2.10.1-8) unstable; urgency=medium
 .
   * Enable standard salsa CI
   * Do not automatically mount unmaintained file systems.
     Ship a udev rules file named 70-insecure-fs.rules which sets the udev
     property UDISKS_AUTO to 0 for file systems that are marked as "Orphan"
     or "Odd Fixes" in the kernel MAINTAINERS file. Those are more at risk of
     having security-sensitive defects which could be exploited by a crafted
     file system.
     The list includes the following file systems:
     affs, ecryptfs, efs, hfs, hfsplus, jffs2, jfs, qnx6, sysv.
     As we require ID_FS_TYPE to be set, use priority 70 so it is ordered
     after 60-persistent-storage.rules.
     Thanks to Marco d'Itri (Closes: #1041552)
   * Bump Standards-Version to 4.7.0
   * Drop Ubuntu specific workaround for exfatprogs

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
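
Added example, not part of the original messages or of the udisks2 package: a host-side check that the change described in the 2.10.1-8 changelog is in effect. It parses `udevadm info --export-db` style records and reports block devices whose ID_FS_TYPE is on the changelog's list but which do not carry UDISKS_AUTO=0; the function names and the sample records are constructed for illustration.

```python
# Added example (not udisks2 code). Filesystem list copied from the changelog.
RISKY_FS = {"affs", "ecryptfs", "efs", "hfs", "hfsplus",
            "jffs2", "jfs", "qnx6", "sysv"}

def parse_export_db(text):
    """Parse `udevadm info --export-db` style text into a list of devices."""
    devices = []
    for record in text.strip().split("\n\n"):
        dev = {"path": None, "name": None, "env": {}}
        for line in record.splitlines():
            tag, _, value = line.partition(": ")
            if tag in ("P", "N"):          # P: sysfs path, N: kernel node name
                dev["path" if tag == "P" else "name"] = value
            elif tag == "E" and "=" in value:  # E: udev property KEY=value
                key, _, val = value.partition("=")
                dev["env"][key] = val
        if dev["path"]:
            devices.append(dev)
    return devices

def automount_exposed(devices):
    """Block devices with a listed filesystem but without UDISKS_AUTO=0."""
    return [d["name"] or d["path"] for d in devices
            if d["env"].get("SUBSYSTEM") == "block"
            and d["env"].get("ID_FS_TYPE") in RISKY_FS
            and d["env"].get("UDISKS_AUTO") != "0"]

# Constructed sample records (hypothetical device paths).
SAMPLE = """\
P: /devices/example/block/sdb/sdb1
N: sdb1
E: SUBSYSTEM=block
E: ID_FS_TYPE=hfsplus
E: UDISKS_AUTO=0

P: /devices/example/block/sdc/sdc1
N: sdc1
E: SUBSYSTEM=block
E: ID_FS_TYPE=jfs

P: /devices/example/block/sdd/sdd1
N: sdd1
E: SUBSYSTEM=block
E: ID_FS_TYPE=vfat
"""

if __name__ == "__main__":
    for name in automount_exposed(parse_export_db(SAMPLE)):
        print(f"{name}: listed filesystem without UDISKS_AUTO=0")
```

On a live system, pass the text produced by `udevadm info --export-db` to `parse_export_db` instead of the sample.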
_______________________________________________
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers