the 70-insecure-fs.rules file was shipped in udisks2 (2.10.1-8), so
Oracular and later:
* Do not automatically mount unmaintained file systems.
Ship a udev rules files named 70-insecure-fs.rules which sets the udev
property UDISKS_AUTO to 0 for file systems that are marked as "Orphan"
or "Odd Fixes" in the kernel MAINTAINERS file. Those are more at risk of
having security-sensitive defects which could be exploited by a crafted
file system.
The list includes the following file systems:
affs, ecryptfs, efs, hfs, hfsplus, jffs2, jfs, qnx6, sysv.
As we require ID_FS_TYPE to be set, use priority 70 so it is ordered
after 60-persistent-storage.rules.
Thanks to Marco d'Itri (Closes: #1041552)
Perhaps we should backport this change to previous releases as a security
improvement.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2114945
Title:
block less common filesystems by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/2114945/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
