Re: Bugs involving maliciously crafted file system

2018-06-15 Thread Dmitry Vyukov
On Mon, Jun 11, 2018 at 3:33 PM, Theodore Y. Ts'o wrote: > On Mon, Jun 11, 2018 at 03:07:24PM +0200, Dmitry Vyukov wrote: >> >> These can't be weaponized to execute code, but if a BUG_ON is >> triggerable over a network, or from VM guest, then it's likely more >> critical than a local code

Re: Bugs involving maliciously crafted file system

2018-06-11 Thread Theodore Y. Ts'o
On Mon, Jun 11, 2018 at 03:07:24PM +0200, Dmitry Vyukov wrote: > > These can't be weaponized to execute code, but if a BUG_ON is > triggerable over a network, or from VM guest, then it's likely more > critical than a local code execution. That's why I am saying that > automated evaluation is

Re: Bugs involving maliciously crafted file system

2018-06-11 Thread Dmitry Vyukov
On Wed, May 30, 2018 at 10:51 PM, 'Matthew Garrett' via syzkaller-bugs wrote: > On Wed, May 30, 2018 at 1:42 PM Dave Chinner wrote: >> We've learnt this lesson the hard way over and over again: don't >> parse untrusted input in privileged contexts. How many times do we >> have to make the same

Re: Bugs involving maliciously crafted file system

2018-06-11 Thread Dmitry Vyukov
On Sat, May 26, 2018 at 10:24 PM, Theodore Y. Ts'o wrote: > On Sat, May 26, 2018 at 07:12:49PM +0200, Dmitry Vyukov wrote: >> >> I don't see that "some kind of machine learning or expert system >> evaluation" is feasible. At least not in short/mid-term. There are >> innocently-looking bugs that

Re: Bugs involving maliciously crafted file system

2018-05-30 Thread Matthew Garrett
On Wed, May 30, 2018 at 1:42 PM Dave Chinner wrote: > We've learnt this lesson the hard way over and over again: don't > parse untrusted input in privileged contexts. How many times do we > have to make the same mistakes before people start to learn from > them? You're not wrong, but we haven't

Re: Bugs involving maliciously crafted file system

2018-05-30 Thread Eric W. Biederman
"Theodore Y. Ts'o" writes: > On Thu, May 24, 2018 at 10:49:31AM +1000, Dave Chinner wrote: >> User automounting of removable storage should be done via a >> privilege separation mechanism and hence avoid this whole class of >> security problems. We can get this separation by using FUSE in these

Re: Bugs involving maliciously crafted file system

2018-05-26 Thread Theodore Y. Ts'o
On Sat, May 26, 2018 at 07:12:49PM +0200, Dmitry Vyukov wrote: > > I don't see that "some kind of machine learning or expert system > evaluation" is feasible. At least not in short/mid-term. There are > innocently-looking bugs that actually turn out to be very bad, and > there are badly looking

Re: Bugs involving maliciously crafted file system

2018-05-26 Thread Dmitry Vyukov
On Thu, May 24, 2018 at 1:41 AM, Theodore Y. Ts'o wrote: > On Wed, May 23, 2018 at 01:01:59PM -0500, Eric Sandeen wrote: >> >> What I'm personally hung up on are the bugs where the "exploit" involves >> merely >> mounting a crafted filesystem that in reality would never (until the heat >> death

Re: Bugs involving maliciously crafted file system

2018-05-24 Thread Eric Sandeen
On 5/23/18 7:59 PM, Theodore Y. Ts'o wrote: On Thu, May 24, 2018 at 10:49:31AM +1000, Dave Chinner wrote: We've learnt this lesson the hard way over and over again: don't parse untrusted input in privileged contexts. How many times do we have to make the same mistakes before people start to

Re: Bugs involving maliciously crafted file system

2018-05-23 Thread Dave Chinner
On Wed, May 23, 2018 at 08:59:06PM -0400, Theodore Y. Ts'o wrote: > On Thu, May 24, 2018 at 10:49:31AM +1000, Dave Chinner wrote: > > > > We've learnt this lesson the hard way over and over again: don't > > parse untrusted input in privileged contexts. How many times do we > > have to make the

Re: Bugs involving maliciously crafted file system

2018-05-23 Thread Theodore Y. Ts'o
On Thu, May 24, 2018 at 10:49:31AM +1000, Dave Chinner wrote: > > We've learnt this lesson the hard way over and over again: don't > parse untrusted input in privileged contexts. How many times do we > have to make the same mistakes before people start to learn from > them? Good question. For

Re: Bugs involving maliciously crafted file system

2018-05-23 Thread Dave Chinner
On Wed, May 23, 2018 at 07:41:15PM -0400, Theodore Y. Ts'o wrote: > On Wed, May 23, 2018 at 01:01:59PM -0500, Eric Sandeen wrote: > > > > What I'm personally hung up on are the bugs where the "exploit" involves > > merely > > mounting a crafted filesystem that in reality would never (until the

Bugs involving maliciously crafted file system

2018-05-23 Thread Theodore Y. Ts'o
On Wed, May 23, 2018 at 01:01:59PM -0500, Eric Sandeen wrote: > > What I'm personally hung up on are the bugs where the "exploit" involves > merely > mounting a crafted filesystem that in reality would never (until the heat > death > of the universe) corrupt itself into that state on its own;
