Date:      Sat, 28 Jul 2007 09:19:05 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Dennis Melentyev <dennis.melentyev@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: removing external usb hdd without unmounting causes reboot?
Message-ID:  <20070727231905.GJ1152@turion.vk2pj.dyndns.org>
In-Reply-To: <b84edfa10707270829o519727dx3271dbaccde30953@mail.gmail.com>
References:  <469E6545.3070600@FreeBSD.org> <200707231415.l6NEFuRo035076@lurza.secnetix.de> <20070724094451.GB1162@turion.vk2pj.dyndns.org> <b84edfa10707270829o519727dx3271dbaccde30953@mail.gmail.com>



On 2007-Jul-27 18:29:44 +0300, Dennis Melentyev <dennis.melentyev@gmail.com> wrote:
>Sorry for continuing this thread, but let's not forget the security
>aspect of this issue:
>If you run amd on some host configured to automount USB drives, it's
>easy to force DoS attack. Just insert the flash/HDD and remove it
>short after it's mounted.

It's almost impossible to secure a machine against someone with
physical access to that machine.  As you point out, pushing the reset
button or pulling the power cable works.

>USB stick, just in case of a Flash with dead blocks on it or just a
>badly formatted one, it's too easy to get totally unexpected panics.

There are two distinct issues here:

When you remove the hardware, the low-level data structures get freed
but the high level (FS) code still points into those (now freed)
structures - i.e. you have use-after-free errors.  As has been pointed
out, resolving these issues is difficult because they affect many
different areas within the kernel.

If the filesystem is corrupt, then it is no longer internally
consistent and assumptions/requirements in the FS code are no longer
valid.  It is possible that assert() checks are tripped or implicit
assumptions in the code are violated, possibly leading to panics.  Bad
blocks could lead to similar behaviour.  Fixing these problems is (in
general) not hard because it's mostly just adding appropriate checks
in the FS code and I believe that most of the cases where this can
occur have already been corrected.

>I'd rather consider this problem as security one.

I think that is a very long stretch.

>Is there any correct way to initiate funding to rewrite VM/VFS related
>parts (getting non-panicable removable devices)? Who should one
>contact for this?

I would suggest that the first step is finding someone (or a few
people) with the necessary skills who is/are willing to work on the
problem.  Offering funding may increase the potential pool but will
not automatically solve the skills/knowledge issue.

As for initiating funding, you have several options:
1) Do it yourself:  Find someone(s) to do the work (either by approaching
   likely candidates or advertising on FreeBSD lists), get an indication
   of the necessary funding and then raise the funds yourself.
2) Approach the FreeBSD Foundation, with or without names.
3) Approach corporations that are FreeBSD-friendly.  Yahoo! and Apple are
   the first ones that come to mind.

-- 
Peter Jeremy

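
The two failure modes Peter separates above (a filesystem still holding a pointer into device structures that were freed on removal, and FS code trusting on-disk metadata that is no longer consistent) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the thread, from amd, or from the FreeBSD kernel; every struct, function and the on-disk superblock layout are invented for illustration. The device object is reference-counted and flagged "gone" at detach instead of being freed outright, so a mount that still references it gets ENXIO rather than a use-after-free, and the superblock is checked field by field before any of its values is used for sizing or indexing, which is the kind of "appropriate check in the FS code" the message refers to.

```c
/* Added example (not from this thread or the FreeBSD kernel): a toy model of
 * the two failure modes described above.  The device object is reference
 * counted and flagged "gone" on detach, so a mount still pointing at it gets
 * ENXIO instead of touching freed memory, and the superblock is validated
 * before any field is used.  All names and the on-disk layout are invented. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR   512u
#define SB_MAGIC 0x53424c4bu                          /* invented magic */

struct superblock { uint32_t magic, block_size, nblocks, inode_blocks; };
struct geom_dev {
    int refs;                   /* the hardware and every mount hold one */
    int gone;                   /* set on detach; I/O must fail afterwards */
    uint32_t sectors;
    uint8_t *data;              /* toy backing store, sectors * SECTOR bytes */
};
struct mount {
    struct geom_dev *dev;       /* NULL when not mounted */
    struct superblock sb;       /* copied only after sb_validate() succeeded */
};

/* Each check replaces an assumption the FS code would otherwise make about
 * metadata read from an untrusted medium: 0 on success, -EINVAL if corrupt. */
int sb_validate(const uint8_t *raw, uint32_t dev_sectors, struct superblock *out)
{
    struct superblock sb;
    memcpy(&sb, raw, sizeof sb);                      /* host byte order assumed */
    if (sb.magic != SB_MAGIC) return -EINVAL;
    if (sb.block_size < SECTOR || sb.block_size > 65536u ||
        (sb.block_size & (sb.block_size - 1)) != 0)   /* must be a power of two */
        return -EINVAL;
    if (sb.nblocks == 0 ||
        (uint64_t)sb.block_size * sb.nblocks > (uint64_t)dev_sectors * SECTOR)
        return -EINVAL;                               /* FS larger than the device */
    if (sb.inode_blocks == 0 || sb.inode_blocks >= sb.nblocks)
        return -EINVAL;                               /* no room left for data */
    *out = sb;
    return 0;
}

struct geom_dev *dev_create(uint32_t sectors)
{
    struct geom_dev *d = calloc(1, sizeof *d);
    if (d == NULL || (d->data = calloc(sectors, SECTOR)) == NULL) { free(d); return NULL; }
    d->refs = 1;                                      /* the hardware's reference */
    d->sectors = sectors;
    return d;
}
/* The last holder frees; nobody else may. */
static void dev_release(struct geom_dev *d) { if (--d->refs == 0) { free(d->data); free(d); } }

/* Hot-unplug.  Freeing d outright here would leave every mount with a dangling
 * pointer (the use-after-free in the thread); instead only the hardware's
 * reference is dropped and the object outlives the hardware. */
void dev_detach(struct geom_dev *d)
{
    d->gone = 1;
    dev_release(d);
}

int fs_mount(struct mount *mp, struct geom_dev *d)
{
    int err;
    if (d->gone) return -ENXIO;
    if ((err = sb_validate(d->data, d->sectors, &mp->sb)) != 0) return err;
    d->refs++;                                        /* the mount holds the device */
    mp->dev = d;
    return 0;
}
int fs_read_block(const struct mount *mp, uint32_t blkno, uint8_t *buf)
{
    if (mp->dev == NULL || blkno >= mp->sb.nblocks) return -EINVAL;
    if (mp->dev->gone) return -ENXIO;                 /* pulled: fail, don't deref */
    memcpy(buf, mp->dev->data + (size_t)blkno * mp->sb.block_size, mp->sb.block_size);
    return 0;
}
void fs_unmount(struct mount *mp) { if (mp->dev) { dev_release(mp->dev); mp->dev = NULL; } }

/* Mount a 32 KiB toy device carrying a valid superblock, yank it, then read:
 * returns -ENXIO; the device memory is freed only by the final unmount. */
int unplug_scenario(void)
{
    struct superblock sb = { SB_MAGIC, SECTOR, 64, 4 };
    struct geom_dev *d = dev_create(64);
    struct mount mp = { 0 };
    uint8_t buf[SECTOR];
    int err;
    if (d == NULL) return -ENOMEM;
    memcpy(d->data, &sb, sizeof sb);
    if ((err = fs_mount(&mp, d)) != 0) return err;
    dev_detach(d);
    err = fs_read_block(&mp, 3, buf);
    fs_unmount(&mp);
    return err;
}
```

The ordering in unplug_scenario is the interesting part: detach happens while the mount is live, exactly as when a USB stick is pulled, and the read afterwards fails with ENXIO because the object is still valid memory and carries the gone flag; the free happens in fs_unmount when the refcount reaches zero. A real kernel has many more holders (vnodes, buffers, in-flight I/O) that each need the same discipline, which is why the thread calls the fix hard.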



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070727231905.GJ1152>