The Block.HintAuto property is an indication that the block device can be trusted for automounting - taking into account connection bus, block device type (floppies), devicemapper layering and corresponding fstab records.

Since this property is already used for clients (gvfs) to decide about automounting, adding their policy into the mix, it might be a good idea to take filesystem type into account as well. See also https://gitlab.gnome.org/GNOME/gvfs/-/blob/master/monitor/udisks2/gvfsudisks2volume.c#L414

This will ultimately need a list of trusted filesystem types defined somewhere, i.e. the Manager.SupportedFilesystems might not be sufficient (or comfortable for desktop users). Perhaps use the udiskslinuxfilesystem.c:well_known_filesystems list instead.

The goal is to further reduce attack vector by excluding ancient, unmaintained or misc. kernel filesystem drivers.

Cc: @ondrejholy