From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Subject: Re: moving affs + RDB partition support to staging? To: John Paul Adrian Glaubitz , Geert Uytterhoeven , Martin Steigerwald Cc: Matthew Wilcox , David Sterba , Linux FS Devel , Linux Kernel Mailing List , Jens Axboe , linux-m68k References: <20180425154602.GA8546@bombadil.infradead.org> <20180425203029.GQ21272@twin.jikos.cz> <20180426025717.GA32430@bombadil.infradead.org> <1613268.lKBQxPXt8J@merkaba> <7a997bb7-7f1c-e8b4-667c-3993f1d82e7c@earthlink.net> From: jdow Message-ID: Date: Sun, 6 May 2018 21:54:47 -0700 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: On 20180506 01:52, John Paul Adrian Glaubitz wrote: > On 04/27/2018 03:26 AM, jdow wrote: >> And before I forget there are two features of the RDBs that I heartily recommend never implementing on Linux. They were good ideas at the time; but, times >> changed. The RDBs are capable of storing a filesystem driver and some drive init code for the plugin disk driver card. That is giving malware authors entirely >> goo easy a shot at owning a machine. Martin S., I would strongly suggest that going forward those two capabilities be removed from the RDB readers in AmigaOS >> as well as Linux OS. > > I assume removing the feature for AmigaOS isn't really possible since we don't have > the source code for that, do we? > > Also, if I remember correctly, Mac partitions can store filesystem drivers as well > and its actually a feature being used in MacOS. parted received a patch some time > ago to fix the correct handling for storing the filesystem driver in the partition > table. > > I would be generally against removing these features as I don't think the security > risk is relevant for the majority of users. The Amiga is a hobbyist machine these > days and AmigaOS has certainly way more on than way to be compromised through > vulnerabilities. > > Adrian You do not necessarily have the source for the device drivers. However the DriveInit code and the filesystem code get executed by the OS initialization code. The objection I have to the concept is that it's invisible to the user. The Linux filesystem code is either compiled into the kernel or is available in the libraries where it can be monitored at several levels from source code on up. Within AmigaDOS it can be monitored fairly easily by an AV tool - in theory. Alas, this is trying to lock the barn door after the barn has burned to the ground with a clever enough piece of malware. At least AmigaDOS AV tools should be expected to examine DriveInit and filesystem images on disk in the RDBs for malware modifications to those blocks. This is a burden Linux should not be forced to bear. So loading filesystems from RDBs instead of the more usual and accepted Linux practices should be disabled. And at least a portion of this discussion is Linux related. That's why I mentioned disabling the feature. While I cannot see much money in AmigaDOS related malware I can see it in Linux malware. And there's no real "glory" in launching malware on AmigaDOS. It's too easy a problem last I knew. "Whoopie, you have just proven you can ride a tricycle. Can't you do better?" (One could argue that AmigaDOS 1.0 was self-inflicted malware foisted on marvelous hardware for the era.) {^_^} Joanne Dow