> > On 14/05/13 18:01, Russell Coker wrote: > >> It's been too > >> easy, even with Linux [1] (_might_ be okay now, depends on your distro > >> and setup) to cause havoc with a rogue USB stick or similar as well. > > > > How would someone do that? Linux doesn't have a run a program > automatically > > when device is mounted "feature" unlike Windows. > > Read the article -- the exploit targeted the kernel module that handles > the USB port. It fetches the USB device's name automatically when you > plug something in -- and it turned out there was a buffer overflow > available there. >
I wouldn't worry too much. I suspect with the correct sort of fs corruption you could crash most kernels anyway [1]. You would need to get the user to mount the inserted USB but that's probably their intent if they have inserted it. FUSE FTW! [2] James [1] I have no evidence to back this up unless you count anecdotal evidence [2] It may still be possible even with FUSE _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
