UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824,
MOKB-03-11-2006, CVE-2006-5679
Pieter de Goeje
pieter at degoeje.nl
Sat Nov 25 06:17:57 PST 2006
On Saturday 25 November 2006 13:20, O. Hartmann wrote:
> Sorry, if my question may sound heretic, but wouldn't it be more
> sophisticated solving the problem instead of disabling everything what
> could trigger the bug?
>
> Look, on many desktop systems, USB backup drives become very common,
> even eSATA backup solutions. I try to use those convenienc things eithe
> in lab or at home on my private machine. Mounting the file system is
> done via amd() and automatically as the file system gets accessed via
> its link point.
Accessing external (and possibly hostile) media should not be done in kernel,
because 1) the system may panic and 2) the system may be compromised. When
the storage driver runs in usermode and has only the user's privileges, we
have much better security by design.
AFAIK fuse (http://fuse4bsd.creo.hu) is an attempt to implement this.
Regards,
Pieter de Goeje
More information about the freebsd-stable
mailing list