Mounting an external drive

"For mounting the drive I would recommend running a file system driver in user space with fuse. I have seen fuse drivers available for most filesystems. That will be quite a bit more robust than using a kernel driver, and the exploit would be less severe. Especially if the filesystem process is sandboxed from the rest of the system."

I'd worry that the userspace driver will also get less maintenance. I guess the sandboxing could be pretty restrictive if it literally only needs access to the one device and the fuse interface? On the other hand the ability to return arbitrary data and metadata, unexpected errors, etc., could offer a lot of potential attacks against any application accessing that filesystem.

I don't know, it seems like a hard problem to me.

Every time we have this discussion I have flashbacks to some 30 years ago--weren't removable media (floppies) a primary vector for malware?