Dmitry Vyukov <dvyukov@xxxxxxxxxx> writes: > On Thu, 5 Jan 2023 at 17:45, Viacheslav Dubeyko <slava@xxxxxxxxxxx> wrote: >> > On Wed, Jan 04, 2023 at 08:37:16PM -0800, Viacheslav Dubeyko wrote: >> >> Also, as far as I can see, available volume in report (mount_0.gz) somehow corrupted already: >> > >> > Syzbot generates deliberately-corrupted (aka fuzzed) filesystem images. >> > So basically, you can't trust anything you read from the disc. >> > >> >> If the volume has been deliberately corrupted, then no guarantee that file system >> driver will behave nicely. Technically speaking, inode write operation should never >> happened for corrupted volume because the corruption should be detected during >> b-tree node initialization time. If we would like to achieve such nice state of HFS/HFS+ >> drivers, then it requires a lot of refactoring/implementation efforts. I am not sure that >> it is worth to do because not so many guys really use HFS/HFS+ as the main file >> system under Linux. > > > Most popular distros will happily auto-mount HFS/HFS+ from anything > inserted into USB (e.g. what one may think is a charger). This creates > interesting security consequences for most Linux users. > An image may also be corrupted non-deliberately, which will lead to > random memory corruptions if the kernel trusts it blindly. I am going to point out that there are no known linux filesystems that are safe to mount when someone has written a deliberately corrupted filesystem on a usb stick. Some filesystems like ext4 make a best effort to fix bugs of this sort as they are discovered but unless something has changed since last I looked no one makes the effort to ensure that it is 100% safe to mount any possible corrupted version of any Linux filesystem. If there is any filesystem in Linux that is safe to automount from an untrusted USB stick I really would like to hear about it. We could allow mounting them in unprivileged user namespaces and give all kinds of interesting capabilities to our users. As it is I respectfully suggest that if there is a security issue it is the userspace code that automounts any filesystem on an untrusted USB stick. Eric
