Hello,

"> And what are you defending against?"

there was/is a great guy that investigated the security of the BSDs, reported a few bugs too:
https://www.youtube.com/watch?v=rRg2vuwF1hY&feature=youtu.be&t=1522
that led to ex.:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/017_fuse.patch.sig

So would the mentioned method, by removing the "grep -i fuse /sys/conf/GENERIC" and doing a re-compile, "disable FUSE"?

Thanks for the syspatch/relinking hint, I forgot about them if I touch the kernel!

Thanks!

> Sent: Sunday, January 28, 2018 at 5:15 AM
> From: [email protected]
> To: [email protected], [email protected]
> Subject: Re: Removing FUSE would theoretically make a system more secure?
>
> > afaik if I would remove the lines that contain "FUSE" and "fuse" from
> > /sys/conf/GENERIC and re-compile the kernel, that would mean, there will be
> > no more FUSE support in my kernel after reboot.
> >
> > If so, would this step help to make my system more secure? Ex.: from a
> > future FUSE related security issue?
> >
> > just asking theoretically, since I don't use FUSE related stuff, so
> > thinking of that is unneeded.
> >
> > or it would just create an unsupported kernel which didn't have any tests
> > regarding the missing fuse and maybe cause bigger issues and security
> > issues vs. if I wouldn't have touched it?
>
> I daresay that removing FUSE support will make you invulnerable to any
> kind of bug in FUSE. jca has already given you an outline of the
> reasons to believe such a bug, if it exists, is rather unlikely to be
> exploitable.
>
> You had better consider what you're giving up when you make this change.
> You won't be able to use FUSE. You won't be able to use syspatch. I'm
> not sure how it affects kernel relinking. You'll have to build your
> kernels yourself on all architectures you run for each release and every
> kernel-related erratum. You'll have to maintain your changes. You
> can't just say "I'm not sure" as I just did. You'll have to take
> responsibility for the possibility that running a non-standard
> configuration may introduce bugs.
>
> And what are you defending against? Somebody has to get root or a way
> to mount filesystems without root. We'll assume he's got a way to mount
> filesystems without root, because if he had a way to get root, he
> wouldn't need bother with anything else. Then he's got to have his FUSE
> exploit which gives him root. Since he probably doesn't have an account
> on your system, he's got to have a third exploit to start running code
> to begin with.
>
> Defense in depth is good, but this isn't worth the effort on your part.
>
> Your security need only be good enough to require an attacker spend more
> than he's willing to spend.
>
> Martin

