[Gllug] Partition a 2 TB drive for storing films
Richard Jones
rich at annexia.org
Sun Mar 7 14:07:22 UTC 2010
On Sun, Mar 07, 2010 at 01:42:18PM +0000, Benjamin Donnachie wrote:
> On 7 March 2010 13:32, Nix <nix at esperi.org.uk> wrote:
> > Also, it is probably still possible to feed the kernel a sufficiently
> > corrupted ext[234] filesystem and have it execute arbitrary code, or
> > crash (these bugs are still being squashed). But you're not allowing
> > hostile local users to mount these filesystems so that's not a concern.
>
> Interesting... Have you got any sources for this to hand?

These do pop up from time to time. The latest ext3 one was, I think,
this one from four years ago:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053

Here's another one from 2006 affecting ISO 9660 handling (i.e. CDs, so
this is really quite serious):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5757

This is an HFS buffer overflow in the kernel discovered a few months ago:

https://bugzilla.redhat.com/show_bug.cgi?id=540736

The general advice is still (unfortunately) don't mount *any*
untrusted filesystems directly on your machines.

Libguestfs gives you some greater protection here, because not only
would the crafted filesystem have to exploit the kernel (which is
virtualized in libguestfs), but it would also have to exploit either
the libguestfs protocol (well understood, simple, robust and checked),
or the qemu container. Also libguestfs encourages you to _not_ run
everything as root.

Rich.
--
Richard Jones
Red Hat
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
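
Added example, not part of the message above: a wrapper that inspects an untrusted disk image through guestfish (the libguestfs shell) as a non-root user, so the filesystem is parsed by the appliance kernel rather than the host kernel. It assumes guestfish is installed; the function names and the GUESTFISH override variable are this example's own.

```shell
#!/bin/sh
# Inspect an untrusted disk image via libguestfs instead of mounting it on the host.
# GUESTFISH may be overridden (assumption of this example); default is guestfish on PATH.

# preflight UID IMAGE: refuse root, and require a readable regular file.
preflight() {
    [ "$1" -ne 0 ] || { echo "refusing to run as root" >&2; return 1; }
    [ -f "$2" ] && [ -r "$2" ] || { echo "not a readable image file: $2" >&2; return 2; }
}

# gf_list IMAGE: attach the image read-only, start the appliance, list filesystems.
gf_list() {
    "${GUESTFISH:-guestfish}" --ro -a "$1" run : list-filesystems
}

# gf_ls IMAGE DEVICE: mount one filesystem read-only inside the appliance, list its root.
gf_ls() {
    "${GUESTFISH:-guestfish}" --ro -a "$1" run : mount-ro "$2" / : ll /
}

# inspect_untrusted IMAGE: preflight, then list the root of every filesystem found.
# list-filesystems prints one "device: fstype" pair per line.
inspect_untrusted() {
    preflight "$(id -u)" "$1" || return
    gf_list "$1" | while IFS=': ' read -r dev fstype; do
        case $fstype in unknown|swap|'') continue ;; esac
        echo "== $dev ($fstype)"
        # A filesystem the appliance cannot read is reported and skipped.
        gf_ls "$1" "$dev" </dev/null || echo "   could not read $dev" >&2
    done
}

# Run when given an image path, e.g.: sh inspect.sh usb-stick.img
if [ "$#" -gt 0 ]; then
    inspect_untrusted "$1"
fi
```

Take the image with a raw copy of the device first (without mounting it), then point the script at the copy.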