From: "Theodore Ts'o" <tytso@mit.edu>
To: sandeen@redhat.com
Cc: syzbot <syzbot+27eece6916b914a49ce7@syzkaller.appspotmail.com>,
adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev, nathan@kernel.org, ndesaulniers@google.com,
syzkaller-bugs@googlegroups.com, trix@redhat.com
Subject: Re: [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (3)
Date: Thu, 17 Aug 2023 12:11:18 -0400 [thread overview]
Message-ID: <20230817161118.GC2247938@mit.edu> (raw)
In-Reply-To: <81f96763-51fe-8ea1-bf81-cd67deed9087@redhat.com>
On Thu, Aug 17, 2023 at 09:47:48AM -0500, Eric Sandeen wrote:
>
> Just to play devil's advocate here - (sorry) - I don't see this as any
> different from any other "malicious" filesystem image.
>
> I've never been a fan of the idea that malicious images are real security
> threats, but whether the parking lot USB stick paniced the box in an
> unexpected way or "on purpose," the result is the same ...
>
> I wonder if it might make sense to put EXT4_MOUNT_ERRORS_PANIC under a
> sysctl or something, so that admins can enable it only when needed.
Well, if someone is stupid enough to plug in a parking lot USB stick
into their system, they get everything they deserve. And a forced
panic isn't going to lead a more privilege escalation attack, so I
really don't see a problem if a file system which is marked "panic on
error", well, causes a panic. It's a good way of (harmlessly)
punishing stupid user tricks. :-)
The other way of thinking about it is that if your threat model
includes an attacker with physical access to the server with a USB
port, attacks include a cable which has a USB port on one side, and a
120V/240V AC mains plug on the the other. This will very likely cause
a system shutdown, even if they don't have automount enabled. :-)
- Ted
next prev parent reply other threads:[~2023-08-17 16:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-16 22:48 [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (3) syzbot
2023-08-17 14:21 ` Theodore Ts'o
2023-08-17 14:28 ` Aleksandr Nogikh
2023-08-17 14:45 ` Theodore Ts'o
2023-08-18 11:43 ` Aleksandr Nogikh
2023-08-18 16:46 ` Aleksandr Nogikh
2023-08-17 14:47 ` Eric Sandeen
2023-08-17 16:11 ` Theodore Ts'o [this message]
2023-08-17 16:47 ` Eric Biggers
2023-08-18 2:10 ` Theodore Ts'o
2023-08-18 2:52 ` Eric Biggers
2023-08-18 14:25 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230817161118.GC2247938@mit.edu \
--to=tytso@mit.edu \
--cc=adilger.kernel@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=sandeen@redhat.com \
--cc=syzbot+27eece6916b914a49ce7@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.