> > I wouldn't worry too much. I suspect with the correct sort of fs corruption > > you could crash most kernels anyway [1]. You would need to get the user to > > mount the inserted USB but that's probably their intent if they have > > inserted > > it. FUSE FTW! [2] > > In the article linked: > The attack vector was such that the attacker could plug the USB key into > an unattended, but locked, machine.. then remove it after a couple of > seconds and walk off. > > The victim would have no idea that while they were away their machine > had been compromised. > > That is far more insidious than a user simply having their machine crash > after the put a foreign USB stick into it. (And at which point they'd > just go straight back to the person who gave it to them and yell at them.) >
I see. Yes that is worse. I thought we were talking about handing out Linux install media on USB though, which would imply mounting the FS on the target system, involving a similar amount of risk either way. James _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
