'Re: Restricting automounting of uncommon filesystems?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: Restricting automounting of uncommon filesystems?
From:       Solomon Peachy via devel <devel () lists ! fedoraproject ! org>
Date:       2023-07-23 16:10:05
Message-ID: ZL1Q3eTS2c9A+Ee2 () shaftnet ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Sun, Jul 23, 2023 at 11:25:12AM -0400, Neal Gompa wrote:
> > If the system administrator wants to mount $UNCOMMONFS, they should be
> > able to do so without hassle, but that doesn't mean that a normal user
> > who got handed a sketchy USB stick at a conference should be able to do
> > so with no restrictions at all.
> >
> 
> So then some kind of configuration to udisks2 to have a similar effect?

And we're right back at square one, with the *overwhelmingly* common case 
of a single-user system whose "admin" is sitting in front of the system.

Of _course_ they want to mount the disk.  It's why they plugged it in, 
and they don't give two hoots if it's a "common filesystem" or not.

(FFS, most of the stuff I personally plug in these days is ext4 or ntfs, 
because fat32 sucks and I can't rely on exfat on all systems I need to 
interoperate with)

And let's be realistic here -- the overwhelmingly common threat model 
here is that there are untrusted files on a correctly-formed filesystem.  
Bad guys rarely need or care to get root on the system; what they're 
after requires normal, non-elevated user permissions.

Prompting users 'are you sure you want to use this device' will turn a 
"yes" into an automatic reflex.  Not automounting by default will just 
add another thing to the "things to change on default fedora 
installations" lists out there (ie right after the "enable freshrpms and 
install modern video codecs" step), becuase it's a usability nightmare.

In the "usability vs security" tradeoff, usability/convenience *always* 
wins unless you're at a place that has armed guards at the door with 
instructions to shoot first.

 - Solomon
-- 
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
Dowling Park, FL                      speachy (libra.chat)

["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic