Date: Sat, 25 Nov 2006 15:17:47 +0100 From: Pieter de Goeje <pieter@degoeje.nl> To: "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de> Cc: freebsd-stable@freebsd.org Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679 Message-ID: <200611251517.47230.pieter@degoeje.nl> In-Reply-To: <45683511.6030400@mail.zedat.fu-berlin.de> References: <20061125013802.20B6E45054@ptavv.es.net> <45679F01.90708@samsco.org> <45683511.6030400@mail.zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 25 November 2006 13:20, O. Hartmann wrote: > Sorry, if my question may sound heretic, but wouldn't it be more > sophisticated solving the problem instead of disabling everything what > could trigger the bug? > > Look, on many desktop systems, USB backup drives become very common, > even eSATA backup solutions. I try to use those convenienc things eithe > in lab or at home on my private machine. Mounting the file system is > done via amd() and automatically as the file system gets accessed via > its link point. Accessing external (and possibly hostile) media should not be done in kernel, because 1) the system may panic and 2) the system may be compromised. When the storage driver runs in usermode and has only the user's privileges, we have much better security by design. AFAIK fuse (http://fuse4bsd.creo.hu) is an attempt to implement this. Regards, Pieter de Goeje
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611251517.47230.pieter>