On Wed, May 30, 2018 at 1:42 PM Dave Chinner <david@xxxxxxxxxxxxx> wrote: > We've learnt this lesson the hard way over and over again: don't > parse untrusted input in privileged contexts. How many times do we > have to make the same mistakes before people start to learn from > them? You're not wrong, but we haven't considered root to be fundamentally trustworthy for years - there are multiple kernel features that can be configured such that root is no longer able to do certain things (the one-way trap for requiring module signatures is the most obvious, but IMA in appraisal mode will also restrict root), and as a result it's not reasonable to be worried only about users - it's also necessary to prevent root form being able to deliberately mount a filesystem that results in arbitrary code execution in the kernel. -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
