lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250513214314.GA6368@mit.edu>
Date: Tue, 13 May 2025 17:43:14 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Greg KH <gregkh@...uxfoundation.org>, cve@...nel.org,
        linux-cve-announce@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: REJECTED: CVE-2025-0927: heap overflow in the hfs and hfsplus
 filesystems with manually crafted filesystem

On Tue, May 13, 2025 at 06:09:24PM +0200, Dmitry Vyukov wrote:
> 
> Ted, have you read what this thread is about? :)
> I was talking only about images that fail fsck.

If it fails fsck, don't mount the !@?@# image.  For ext4, we can fix
pretty much any corrption, so using fsck.ext4 -y should work for nearly all
file system images.

> Re headcount, if we want that to ever happen, shouldn't we do what I proposed?

Do what?  Tell users that they should be able to mount untrusted file
systems that fail fsck, and after we have a catastrophic security
failure, hope that someone will fund it?  I don't think that's very
responsible.

Or did you mean spamming open source volunteers with syzbot reports
hoping that you can shame/abuse them to do the work for free?  Sorry,
that's not going to work.  It's just way too much of a lift ---
multiple SWE-years worth of work is not something that I'm going to do
after midnight or on weekends.

If you really want to mount file systesms that fail fsck, or you're
too lazy to run fsck on untrusted images (and this shouldn't be hard
to teach the desktop software check the file system automatically
before auto-mounting it), then another possibility is:

> > If you want to be even more paranoid (or the proprietary file system
> > doesn't have a good fsck), you could mount the file system via a guest
> > kernel running in a VM, where the VM is locked down using a seccomp
> > sandbox, and which provides file system services via 9pfs to the host
> > kernel.  9pfs is a remote file system which is easy to audit, and this
> > is a key part of the security strategy used by gVisor.

       	     	     	 	  	   - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ