Martin, On Mon, May 7, 2018 at 7:08 PM, Martin Steigerwald <martin@xxxxxxxxxxxx> wrote: > Michael Schmitz - 07.05.18, 04:40: >> Al, >> >> I don't think there is USB sticks with affs on them as yet. There >> isn't even USB host controller support for Amiga hardware (yet). >> >> Last I tried USB on m68k (Atari, 060 accelerator) the desktop >> experience was such that I'd rather not repeat that in a hurry (and >> that was a simple FAT USB stick). > > There is USB support available on Amiga since a long time. Good to hear that. I stand corrected. > On "Classic" Amigas AmigaOS 3.x with Poseidon USB stack + some USB card. Haven't seen a Linux driver for that 'some USB card' yet. > On AmigaOS 4.x built-in. AmigaOS 4.x hardware like Sam boards from Acube > Systems have USB controllers that work out of the bux. Forgot about the new (non-m68k) hardware. My focus is somewhat narrow, on m68k and Linux. > And I am pretty sure, you can also tell it to use Amiga Fast Filesystem > (on Linux affs) on an USB stick. Also you can plug in an external > harddisk with RDB partitions and whatever filesystems you wish. I already conceded that's possible. So our problem with the bug Al spotted, and AFFS on USB media are twtofold: AmigaOS: Exploitable: yes (unless the AmigaOS AFFS driver detects and mitigates this). Likelihood: low (as Joanne said there are easier ways to do harm to these systems) Linux: Exploitable: yes, except on hardware that doesn't have USB hardware support. Likelihood: high Can we blacklist affs from being autoloaded through udev on USB storage media discovery? Cheers, Michael
