Defending mounted filesystems from the root user

Posted Aug 23, 2023 14:03 UTC (Wed) by draco (subscriber, #1792)
In reply to: Defending mounted filesystems from the root user by zeno_kdab
Parent article: Defending mounted filesystems from the root user

Not necessarily. As an analogy, let's say that the block device is cloud storage. The cloud storage has different threats than the rest of the computer.

It's fair to say that in a scenario where you're computing in malicious environments that you must be able to trust some of your hardware — if you can't trust the CPU itself, you're doomed, sure. But with a trusted computing core and IOMMU, you can (in principle) mitigate malicious I/O if you write the drivers defensively.


to post comments

Defending mounted filesystems from the root user

Posted Aug 23, 2023 17:21 UTC (Wed) by zeno_kdab (guest, #165579)

I'll agree that it does seem theoretically possible to do so. Though I am doubtful that it is a good idea, besides the already mentioned concern of practical feasibility.

IMHO, either you trust your hardware and don't want your FS drivers slowed down by being implemented super defensively, always rechecking everything, etc. Or you don't trust it, but then you should be fine taking the perf hit by using FUSE or a VM to isolate the hardware handling from your host kernel.

Having said that, I always dream about a new OS kernel that transcends the monolithic/micro dichotomy by easily allowing all kinds of drivers to be moved into userspace and back ;)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds