On 04/26/16 16:17, Conrad Meyer wrote:
On Tue, Apr 26, 2016 at 2:13 PM, Adrian Chadd <[email protected]> wrote:
You mean "hotplug mount a malicious USB disk via some installed
graphical enviornment?"
NOone does that... :)
Sure, but there the vulnerability is (IMO) that users are allowed to
arbitrarily mount stuff. That's a huge attack surface and this fix
only scratches the surface.
This is a plain bug, it may be nasty but not really a security
vulnerability.
If you give physical access to your system to an attacker you
probably have bigger problems than this.
We do need to make filesystems more resilient to malice. AFL?
That is a good idea.
For reference:
https://lwn.net/Articles/637151/
Cheers,
Pedro.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
