From: "Theodore Ts'o" <tytso@mit.edu>
To: sandeen@redhat.com
Cc: syzbot <syzbot+27eece6916b914a49ce7@syzkaller.appspotmail.com>,
adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev, nathan@kernel.org, ndesaulniers@google.com,
syzkaller-bugs@googlegroups.com, trix@redhat.com
Subject: Re: [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (3)
Date: Thu, 17 Aug 2023 12:11:18 -0400 [thread overview]
Message-ID: <20230817161118.GC2247938@mit.edu> (raw)
In-Reply-To: <81f96763-51fe-8ea1-bf81-cd67deed9087@redhat.com>
On Thu, Aug 17, 2023 at 09:47:48AM -0500, Eric Sandeen wrote:
>
> Just to play devil's advocate here - (sorry) - I don't see this as any
> different from any other "malicious" filesystem image.
>
> I've never been a fan of the idea that malicious images are real security
> threats, but whether the parking lot USB stick paniced the box in an
> unexpected way or "on purpose," the result is the same ...
>
> I wonder if it might make sense to put EXT4_MOUNT_ERRORS_PANIC under a
> sysctl or something, so that admins can enable it only when needed.
Well, if someone is stupid enough to plug in a parking lot USB stick
into their system, they get everything they deserve. And a forced
panic isn't going to lead a more privilege escalation attack, so I
really don't see a problem if a file system which is marked "panic on
error", well, causes a panic. It's a good way of (harmlessly)
punishing stupid user tricks. :-)
The other way of thinking about it is that if your threat model
includes an attacker with physical access to the server with a USB
port, attacks include a cable which has a USB port on one side, and a
120V/240V AC mains plug on the the other. This will very likely cause
a system shutdown, even if they don't have automount enabled. :-)
- Ted
next prev parent reply other threads:[~2023-08-17 16:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-16 22:48 [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (3) syzbot
2023-08-17 14:21 ` Theodore Ts'o
2023-08-17 14:28 ` Aleksandr Nogikh
2023-08-17 14:45 ` Theodore Ts'o
2023-08-18 11:43 ` Aleksandr Nogikh
2023-08-18 16:46 ` Aleksandr Nogikh
2023-08-17 14:47 ` Eric Sandeen
2023-08-17 16:11 ` Theodore Ts'o [this message]
2023-08-17 16:47 ` Eric Biggers
2023-08-18 2:10 ` Theodore Ts'o
2023-08-18 2:52 ` Eric Biggers
2023-08-18 14:25 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230817161118.GC2247938@mit.edu \
--to=tytso@mit.edu \
--cc=adilger.kernel@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=sandeen@redhat.com \
--cc=syzbot+27eece6916b914a49ce7@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).