You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There would be a (albeit small) security benefit in specifying which fstype we expect mount to use when trying to mount files obtained from external/untrusted sources. Here's the discussion I had on #ubuntu-security (mdeslaur is a member of the security team at Canonical):
sdeziel: Hello o/, I have a tool that runs as root and mount -o ro ISOs retrieved from external sources. I know that comes with a bunch of risks on its own but I'm wondering if there would be some benefits in specifying the fstype to use (mount -t iso9660 -o ro ...) to avoid mount (or the kernel?) having to (wrongly?) guess the fstype?
mdeslaur: sdeziel: filesystem flaws are common, if you specify it, you make sure someone isn't trying to exploit a known vulnerability in some arbitrary filesystem
sdeziel: mdeslaur: thanks!
mdeslaur: I guess that would reduce exposure a bit
I checked LXD code base, and it has helper functions always specifying the fstype so maybe there is a possibility of code reuse/copy here.
The text was updated successfully, but these errors were encountered:
There would be a (albeit small) security benefit in specifying which
fstype
we expectmount
to use when trying to mount files obtained from external/untrusted sources. Here's the discussion I had on #ubuntu-security (mdeslaur
is a member of the security team at Canonical):I checked LXD code base, and it has helper functions always specifying the
fstype
so maybe there is a possibility of code reuse/copy here.The text was updated successfully, but these errors were encountered: