From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>,
Matthew Wilcox <willy@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
syzbot <syzbot+7bb7cd3595533513a9e7@syzkaller.appspotmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
christian.brauner@ubuntu.com,
Damien Le Moal <damien.lemoal@opensource.wdc.com>,
Jeff Layton <jlayton@kernel.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
syzkaller-bugs@googlegroups.com,
ZhangPeng <zhangpeng362@huawei.com>,
linux-m68k@lists.linux-m68k.org
Subject: Re: [syzbot] [hfs?] WARNING in hfs_write_inode
Date: Fri, 21 Jul 2023 00:40:26 -0500 [thread overview]
Message-ID: <87y1j9ddpx.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <CACT4Y+aJb4u+KPAF7629YDb2tB2geZrQm5sFR3M+r2P1rgicwQ@mail.gmail.com> (Dmitry Vyukov's message of "Thu, 20 Jul 2023 17:27:57 +0200")
Dmitry Vyukov <dvyukov@google.com> writes:
> On Thu, 5 Jan 2023 at 17:45, Viacheslav Dubeyko <slava@dubeyko.com> wrote:
>> > On Wed, Jan 04, 2023 at 08:37:16PM -0800, Viacheslav Dubeyko wrote:
>> >> Also, as far as I can see, available volume in report (mount_0.gz) somehow corrupted already:
>> >
>> > Syzbot generates deliberately-corrupted (aka fuzzed) filesystem images.
>> > So basically, you can't trust anything you read from the disc.
>> >
>>
>> If the volume has been deliberately corrupted, then no guarantee that file system
>> driver will behave nicely. Technically speaking, inode write operation should never
>> happened for corrupted volume because the corruption should be detected during
>> b-tree node initialization time. If we would like to achieve such nice state of HFS/HFS+
>> drivers, then it requires a lot of refactoring/implementation efforts. I am not sure that
>> it is worth to do because not so many guys really use HFS/HFS+ as the main file
>> system under Linux.
>
>
> Most popular distros will happily auto-mount HFS/HFS+ from anything
> inserted into USB (e.g. what one may think is a charger). This creates
> interesting security consequences for most Linux users.
> An image may also be corrupted non-deliberately, which will lead to
> random memory corruptions if the kernel trusts it blindly.
I am going to point out that there are no known linux filesystems
that are safe to mount when someone has written a deliberately
corrupted filesystem on a usb stick.
Some filesystems like ext4 make a best effort to fix bugs of this sort
as they are discovered but unless something has changed since last I
looked no one makes the effort to ensure that it is 100% safe to mount
any possible corrupted version of any Linux filesystem.
If there is any filesystem in Linux that is safe to automount from
an untrusted USB stick I really would like to hear about it. We could
allow mounting them in unprivileged user namespaces and give all kinds
of interesting capabilities to our users.
As it is I respectfully suggest that if there is a security issue it is
the userspace code that automounts any filesystem on an untrusted USB
stick.
Eric
next prev parent reply other threads:[~2023-07-21 5:42 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-04 14:24 [syzbot] [hfs?] WARNING in hfs_write_inode syzbot
2023-01-04 14:43 ` Arnd Bergmann
2023-01-04 19:06 ` Linus Torvalds
2023-01-04 22:33 ` Arnd Bergmann
2023-01-04 22:42 ` John Paul Adrian Glaubitz
2023-01-05 0:36 ` Viacheslav Dubeyko
2023-01-05 4:37 ` Viacheslav Dubeyko
2023-01-05 15:46 ` Matthew Wilcox
2023-01-05 16:45 ` Viacheslav Dubeyko
2023-07-20 15:27 ` Dmitry Vyukov
2023-07-20 17:30 ` Matthew Wilcox
2023-07-20 17:50 ` John Paul Adrian Glaubitz
2023-07-20 17:59 ` Matthew Wilcox
2023-07-20 18:27 ` Jeff Layton
2023-07-20 22:20 ` Dave Chinner
2023-07-21 1:03 ` Finn Thain
2023-07-21 1:11 ` Matthew Wilcox
2023-07-21 1:25 ` Michael Schmitz
2023-07-21 1:45 ` Finn Thain
2023-07-21 6:42 ` Kirsten Bromilow
2023-07-21 8:14 ` Finn Thain
2023-07-21 13:10 ` Theodore Ts'o
2023-07-20 21:38 ` Jeffrey Walton
2023-07-20 22:37 ` Matthew Wilcox
2023-07-20 22:53 ` Linus Torvalds
2023-07-21 1:28 ` Mike Hosken
2023-07-20 17:56 ` John Paul Adrian Glaubitz
2023-07-20 19:05 ` Michael Schmitz
2023-07-21 5:07 ` John Paul Adrian Glaubitz
2023-07-21 5:40 ` Eric W. Biederman [this message]
2023-01-05 21:34 ` Michael Schmitz
2023-01-05 21:53 ` Linus Torvalds
2023-01-05 23:46 ` Michael Schmitz
2023-01-06 7:09 ` Michael Schmitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y1j9ddpx.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=christian.brauner@ubuntu.com \
--cc=damien.lemoal@opensource.wdc.com \
--cc=dvyukov@google.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=slava@dubeyko.com \
--cc=syzbot+7bb7cd3595533513a9e7@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=torvalds@linux-foundation.org \
--cc=willy@infradead.org \
--cc=zhangpeng362@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox