[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fb889f9a-fce1-e4d0-0ebc-8dc06e40a533@earthlink.net>
Date: Sun, 6 May 2018 21:54:47 -0700
From: jdow <jdow@...thlink.net>
To: John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Martin Steigerwald <martin@...htvoll.de>
Cc: Matthew Wilcox <willy@...radead.org>,
David Sterba <dsterba@...e.cz>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jens Axboe <axboe@...nel.dk>,
linux-m68k <linux-m68k@...ts.linux-m68k.org>
Subject: Re: moving affs + RDB partition support to staging?
On 20180506 01:52, John Paul Adrian Glaubitz wrote:
> On 04/27/2018 03:26 AM, jdow wrote:
>> And before I forget there are two features of the RDBs that I heartily recommend never implementing on Linux. They were good ideas at the time; but, times
>> changed. The RDBs are capable of storing a filesystem driver and some drive init code for the plugin disk driver card. That is giving malware authors entirely
>> goo easy a shot at owning a machine. Martin S., I would strongly suggest that going forward those two capabilities be removed from the RDB readers in AmigaOS
>> as well as Linux OS.
>
> I assume removing the feature for AmigaOS isn't really possible since we don't have
> the source code for that, do we?
>
> Also, if I remember correctly, Mac partitions can store filesystem drivers as well
> and its actually a feature being used in MacOS. parted received a patch some time
> ago to fix the correct handling for storing the filesystem driver in the partition
> table.
>
> I would be generally against removing these features as I don't think the security
> risk is relevant for the majority of users. The Amiga is a hobbyist machine these
> days and AmigaOS has certainly way more on than way to be compromised through
> vulnerabilities.
>
> Adrian
You do not necessarily have the source for the device drivers. However the
DriveInit code and the filesystem code get executed by the OS initialization
code. The objection I have to the concept is that it's invisible to the user.
The Linux filesystem code is either compiled into the kernel or is available in
the libraries where it can be monitored at several levels from source code on
up. Within AmigaDOS it can be monitored fairly easily by an AV tool - in theory.
Alas, this is trying to lock the barn door after the barn has burned to the
ground with a clever enough piece of malware. At least AmigaDOS AV tools should
be expected to examine DriveInit and filesystem images on disk in the RDBs for
malware modifications to those blocks. This is a burden Linux should not be
forced to bear. So loading filesystems from RDBs instead of the more usual and
accepted Linux practices should be disabled. And at least a portion of this
discussion is Linux related. That's why I mentioned disabling the feature. While
I cannot see much money in AmigaDOS related malware I can see it in Linux
malware. And there's no real "glory" in launching malware on AmigaDOS. It's too
easy a problem last I knew. "Whoopie, you have just proven you can ride a
tricycle. Can't you do better?" (One could argue that AmigaDOS 1.0 was
self-inflicted malware foisted on marvelous hardware for the era.)
{^_^} Joanne Dow
Powered by blists - more mailing lists