
List:       fedora-devel-list
Subject:    Re: Restricting automounting of uncommon filesystems?
From:       "Smith, Stewart via devel" <devel () lists ! fedoraproject ! org>
Date:       2023-07-30 18:51:02
Message-ID: C121C893-0438-4C5F-8FEA-6F7FD58FFF6D () amazon ! com


> On Jul 24, 2023, at 7:17 AM, Michael Catanzaro <mcatanzaro@redhat.com> wrote:
> 
> On Sun, Jul 23 2023 at 11:18:45 PM -0400, Demi Marie Obenour
> <demiobenour@gmail.com> wrote:
> > Then the mount needs to be done in a sandbox, such as a KVM guest or
> > sandboxed userspace process.
> 
> Hmmm... I don't think traditional sandboxing accomplishes anything
> here, because we're trying to protect against kernel bugs, not
> userspace bugs, and if the kernel is compromised then you escape the
> sandbox. A KVM virtual machine would solve that, certainly, but that
> sounds really complicated to do? We don't have any precedent for
> spinning up virtual machines to perform normal desktop operations.
> Doesn't that require hardware support anyway? i.e. virtualization might
> be disabled at the firmware level?

Many (most?) cloud environments don't expose a nested virt capability. That being said, even qemu tcg could be a better option for confinement and deliver perfectly acceptable performance for a bunch of the use cases.

It's convenient for me, the user, to be able to use normal Linux utilities to read and write files on media for increasingly "oh goodness this makes me feel old, I swear that was current just last week" old machines. I don't exactly need multiple hundreds of megabytes per second of IO to that media; I much prefer that a random disk image of a 1990s era Mac System Software Beta has as many obstacles as possible to being able to inject code into the kernel that I also use to log into my bank.

