
Mounting an external drive

Posted Apr 6, 2018 21:42 UTC (Fri) by ebiederm (subscriber, #35028)
In reply to: The first half of the 4.17 merge window by pizza
Parent article: The first half of the 4.17 merge window

For mounting the drive I would recommend running a file system driver in user space with fuse. I have seen fuse drivers available for most filesystems. That will be quite a bit more robust than using a kernel driver, and the exploit would be less severe. Especially if the filesystem process is sandboxed from the rest of the system.

It definitely makes sense to wait until a user asks. Some devices present as multiple usb devices, sometimes you get confused and plug the wrong device. Waiting for the user to say mount the drive now limits nefarious actions to when a user is actively watching which is more difficult to hide.

So even with in-kernel filesystem drivers that have not been built to be robust against malicious usb sticks there are things you can do that will make an attacker's life more difficult.



Mounting an external drive with FUSE

Posted Apr 7, 2018 16:03 UTC (Sat) by alison (subscriber, #63752) [Link] (2 responses)

What is the best way to mount an ext4- or FAT-formatted USB stick with FUSE? 'man mount' and 'man fuse' offer few clues, as does /etc/fuse.conf. 'mount -t fuse /dev/sdc1 /mnt' doesn't work.

I gather that mounting block devices 'noexec' is insufficient? If the filesystem metadata is, for example, designed to create a stack overflow and 'mount' is executed as root, it's easy to see why there could be a problem.

Mounting an external drive with FUSE

Posted Apr 8, 2018 0:04 UTC (Sun) by pabs (subscriber, #43278) [Link] (1 responses)

There are at least two projects that allow the use of Linux kernel code as user-space shared libraries, perhaps they could lead to the use of Linux kernel filesystem drivers in userland via FUSE.

https://www.phoronix.com/scan.php?page=news_item&px=I...
https://www.phoronix.com/scan.php?page=news_item&px=L...

Mounting an external drive with FUSE

Posted Apr 8, 2018 21:51 UTC (Sun) by OttoErickson (guest, #122996) [Link]

Tanenbaum would be so proud.

Mounting an external drive

Posted Apr 12, 2018 15:14 UTC (Thu) by bfields (subscriber, #19510) [Link]

"For mounting the drive I would recommend running a file system driver in user space with fuse. I have seen fuse drivers available for most filesystems. That will be quite a bit more robust than using a kernel driver, and the exploit would be less severe. Especially if the filesystem process is sandboxed from the rest of the system."

I'd worry that the userspace driver will also get less maintenance. I guess the sandboxing could be pretty restrictive if it literally only needs access to the one device and the fuse interface? On the other hand the ability to return arbitrary data and metadata, unexpected errors, etc., could offer a lot of potential attacks against any application accessing that filesystem.

I don't know, it seems like a hard problem to me.

Every time we have this discussion I have flashbacks to some 30 years ago--weren't removable media (floppies) a primary vector for malware?

Mounting an external drive

Posted Apr 13, 2018 8:03 UTC (Fri) by lacos (guest, #70616) [Link]

"For mounting the drive I would recommend running a file system driver in user space with fuse"

You can also use guestfish or guestmount from the libguestfs project. Those will use kernel drivers, but the kernel will be run in a virtual machine. (In fact, guestmount is a special case of fuse.)

http://libguestfs.org/guestfs-security.1.html
http://libguestfs.org/guestfs-faq.1.html#how-does-libgues...
http://libguestfs.org/guestmount.1.html

