Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros

[Jacob Bachmeyer <jcb62281 () gmail com>]

On 6/5/25 21:24, Solar Designer wrote:
> On Tue, Jun 03, 2025 at 12:38:11PM +0200, Attila Szasz wrote:
> > [...]
> > Since then I checked, and 5.4 LTS (any<=5.6) had been vulnerable without
> > the need to ever mount an untrusted/malformed FS just by systematically
> > corrupting a vanilla fs's B-trees with normal operations.

This looks like another (and far more serious) problem.  Mounting a 
crafted malicious image is one thing, but being able to turn an 
already-mounted legitimate filesystem malicious is quite another.

Are those "normal operations" available to unprivileged users?

Could a Web page potentially exploit this by manipulating the browser's 
disk cache or other storage mechanisms?  (Hopefully not, but that would 
make this remotely exploitable on what is (I hope) an extremely rare 
configuration.)

Do I correctly read "(any<=5.6)" as indicating that the filesystem 
corruption bug has been fixed for a long time now?


-- Jacob