On Fri, 2014-10-10 at 05:49 -0700, Greg KH wrote:
> On Fri, Oct 10, 2014 at 02:38:44PM +0200, Alexander Larsson wrote:
> >
> There will always be bugs, I said that because the kernel security team
> treats this type of bug very seriously and will work to fix it wherever
> found. You _should_ be able to rely on mounting an arbitrary filesystem
> image with no issues.

Well, here is the thing. We're trying to (in the end) make a secure sandbox here. The kernel is what supplies this sandbox, and the border of the sandbox is the kernel syscall ABI. There can obviously be bugs in that ABI that let you get out of the sandbox, but I have decent trust in it. However, allowing app authors to push any bag of bits at the kernel filesystem implementation makes the attack surface *much* larger, and much less battle-tested. Sure, such bugs should be fixed, but until they are I prefer that they are merely crashers when your USB stick has been broken, rather than attack vectors for remote code.

_______________________________________________
gnome-os-list mailing list
https://mail.gnome.org/mailman/listinfo/gnome-os-list
