Can't disable unused filesystems

Posted Feb 22, 2013 23:13 UTC (Fri) by jmorris42 (subscriber, #2203)
Parent article: A story of three kernel vulnerabilities

Of course something else that would help is if Linux still had something resembling documented, knowable/controllable behavior. In the days of old /etc/filesystems declared which filesystems could be automatically detected and mounted, all others requiring an explicit mount with the -t switch to force detection of the filesystem.

That file still exists of course, and the mount command will still honor it when issued from a command line; but it is ignored by graphical desktops. And this defect is undocumented and if filed as a bug would be instantly closed as NOTABUG.

For example the machine I'm typing on dual boots Win7 and has an NTFS filesystem for it. Despite efforts to suppress it, it shows an icon on my desktop and if I right click it the desktop environment happily offers to mount it and it will succeed. Meanwhile /etc/filesystems is still the stock one supplied by Fedora. It lists vfat, hfs and hfsplus (why) but does not mention ntfs.

In a sane world a Linux desktop would not automatically mount rare filesystems, better still it would honor /etc/filesystems so the user could control it. Just how many users need hfs support? On a removable device? Close enough to zero it should default to no. These days ext[234],vfat,ntfs,iso9660 and udf probably should default to supported with everything else off.


Can't disable unused filesystems

Posted Feb 23, 2013 12:39 UTC (Sat) by cortana (subscriber, #24596) [Link]

It might be possible to implement something like this today with udev rules... if you could set the UDISKS_SYSTEM_INTERNAL property on a disk based on the value of one of its partitions' ID_FS_TYPE properties. However I don't know how well that would interact with more interesting disk layouts (e.g., NTFS filesystem inside a LUKS container only unlocked once the user has double-clicked on it in the GUI).

As for /etc/filesystems and /proc/filesystems, these days mount itself only seems to consult them if '-t auto' is used (or '-t' is absent entirely) and if libblkid fails to identify the correct filesystem. So I get the feeling that /etc/filesystems is really a remnant of an obsolete feature that hasn't been used since kernel module autoloading went in.
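
The fallback order described in the comment above, as an added example that is not part of cortana's post: following mount(8), it reads an /etc/filesystems-style file, skips comments and nodev entries, continues into /proc/filesystems on a lone `*` or when the first file is missing, and then lists the types that fall outside the default set proposed in the parent comment. The function names, the ALLOW variable and the de-duplication are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit which filesystem types mount
# would try when -t is absent or "auto" and libblkid cannot identify the
# volume. Function names and ALLOW are hypothetical.

# Default-on set suggested in the parent comment.
ALLOW="ext2 ext3 ext4 vfat ntfs iso9660 udf"

# fs_probe_order ETC_FILE PROC_FILE
# Prints one type per line, in the order they would be tried.
fs_probe_order() {
    awk -v etc="$1" -v proc="$2" '
        # Emit the types listed in file; return 1 if a lone "*" ended the list.
        function emit(file, stop_at_star,    line, f, star) {
            star = 0
            while ((getline line < file) > 0) {
                if (line ~ /^#/ || line ~ /^nodev/) continue  # comments, virtual fs
                if (split(line, f, " ") == 0) continue        # blank line
                if (f[1] == "*") {
                    if (stop_at_star) { star = 1; break }
                    continue
                }
                # De-duplicate so the audit lists each type once (convenience only).
                if (!(f[1] in seen)) { seen[f[1]] = 1; print f[1] }
            }
            close(file)
            return star
        }
        BEGIN {
            if ((getline tmp < etc) < 0) {
                want_proc = 1              # no /etc/filesystems: use /proc only
            } else {
                close(etc)
                want_proc = emit(etc, 1)   # a lone "*" means: continue with /proc
            }
            if (want_proc) emit(proc, 0)
        }'
}

# fs_outside_allowlist ETC_FILE PROC_FILE
# Prints the types that would be tried but are not in ALLOW.
fs_outside_allowlist() {
    fs_probe_order "$1" "$2" | while read -r t; do
        case " $ALLOW " in
            *" $t "*) ;;
            *) echo "$t" ;;
        esac
    done
}

# Usage on a live system:
#   fs_outside_allowlist /etc/filesystems /proc/filesystems
```

This covers only mount's own fallback path; it says nothing about what a desktop's udisks-based automounter will offer to mount.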

Can't disable unused filesystems

Posted Mar 2, 2013 16:59 UTC (Sat) by jmorris42 (subscriber, #2203) [Link]

Yea, /etc/filesystems is documented as only being consulted for -t auto or leaving the switch off entirely. If you explicitly specify a filesystem you expect the system to do what you told it.

But the key point remains, after several replies nobody can point to a way to actually solve a problem that exists on all graphical desktops.

udev is clearly not intended to be modified by the end user. It isn't documented, the files controlling it are written in a way to be hostile to manual editing and the entire subsystem has been churning for years.

Simply stopping the modules from loading isn't a good solution either.

You can't even reliably suppress the icons from appearing on a desktop. I once found a way to do it, it worked until the next Fedora.

Can't disable unused filesystems

Posted Mar 3, 2013 15:42 UTC (Sun) by cortana (subscriber, #24596) [Link]

udisks does provide properties you can use to prevent volumes from being mounted by and/or shown to the user, so this should be possible. The churn is a huge pain in the arse, however. And I see it's about to get worse, since udisks is being replaced by udisks2... :/

Can't disable unused filesystems

Posted Mar 4, 2013 15:27 UTC (Mon) by nix (subscriber, #2304) [Link]

In effect udisks has been unmaintained for ages. I've reported several bugs that could well be security holes upstream (writes through null pointers, writes through uninitialized pointers, the code quality is really quite dire). Not one has ever got a response.

Can't disable unused filesystems

Posted Feb 24, 2013 8:49 UTC (Sun) by paulj (subscriber, #341) [Link]

Ah, so I'm not the only one frustrated by lots of "disk" icons appearing in nautilus, that are to do with the system, and there not being any reasonably obvious way (either from UI or in /etc) to hide them?

Arg!

Sure CAN disable unused filesystems =:^)

Posted Mar 12, 2013 3:59 UTC (Tue) by Duncan (guest, #6647) [Link]

On gentoo anyway, turning off such filesystem support, and automount support in general, is easy. Appropriate USE flags and kernel ensure support for this is NOT builtin. Of course whether you consider gentoo "a reasonably obvious way" or not is up to you, but...

My gentoo/kde systems are built without udisks, policykit, etc support, the appropriate USE flags turned off, both due to the heavy dependencies (udisks-1 wanted lvm2, udisks2 wants gparted while I use gptfdisk, I need those installed like I need another hole in my head!). And the kernel is built for the specific system it's on, monolithic, module support turned off. (Tho I did have to package.provided a couple runtime deps, including kdesu, that I didn't need anyway. I could of course have edited and overlaid the ebuilds to kill the runtime deps, but that would have been a repeated edit over many updates. Package.provideing them only need be done once.)

So no automounting or GUI superuser access and for SURE no support for obscure filesystems!

Where specific privilege-required functions are to be used by the GUI user, I configure sudoers to allow the specific command, no more, no less, with or without password required, depending on the need and how locked down the command actually is. Yes, that does require that the user use the commandline for it, but IMO, if a user isn't comfortable using the commandline, they have no business running superuser/privileged commands in the first place.

Of course that's a bit drastic for many, but that's precisely the point, gentoo, being built from source by the user, allows turning off unneeded features at end-user-controlled build-time, as opposed to centralized distro decided "someone might use it so we better enable it" defaults, at /their/ buildtime. If you want automount, turn on the appropriate USE flags, else turn them off and don't even have the otherwise required components installed in the first place. Actually, it's more than that, in effect, over time gentoo STRONGLY ENCOURAGES observance of the security "only install what you actually use" rule, because otherwise you're repeatedly building updates for stuff you don't use anyway, so if you're not actually using it, it quickly becomes simpler to just turn it off and not worry about building it any more.

So yes, there's a "reasonably obvious" way to turn them off... switch to a distro (and desktop, if necessary, but I'd guess gnome on gentoo allows turning it off too, I just don't know for sure as I don't use it) that allows it, if yours doesn't. =:^)

Duncan

Can't disable unused filesystems

Posted Feb 24, 2013 15:40 UTC (Sun) by spender (subscriber, #23067) [Link]

Grsecurity can do this. It happily prevents udisks from auto-loading modules for whatever filesystems on behalf of unprivileged users. It's unfortunate though that Linux is moving in this direction (of security decisions being made in userland brokers) as it hinders the ability to enforce more secure mandatory security policies.

Grsecurity will also prevent mount from being able to load arbitrary kernel modules (it will be restricted to modules that register a filesystem).

This is a subset of the full GRKERNSEC_MODHARDEN feature which prevents unprivileged users from being able to auto-load kernel modules, without having to implement a posteriori blacklists.

-Brad

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds