oss-sec mailing list archives
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Wed, 11 Jun 2025 14:17:32 -0400
On 2025-06-11 13:35, Simon McVittie wrote:
> On Wed, 11 Jun 2025 at 12:14:36 -0400, Marc Deslauriers wrote:
>> On 2025-06-06 09:40, Attila Szasz wrote:
>>> I didn't make this explicit in the video, but this works when running as a non-sudoer user, and also on Ubuntu Server. I think Canonical Product Security might have better estimates on this, but I'm guessing many of the corporate, gov, academic, HPC cluster, etc use cases are impacted practically in such a setting.
>>
>> This isn't supposed to work for non-privileged users, and not on servers. We allow mounting usb drives for admin users sitting at the console by shipping a package called "policykit-desktop-privileges" which contains the following polkit rule:
>>
>> [Mounting, checking, etc. of internal drives]
>> Identity=unix-group:admin;unix-group:sudo
>> Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
>> ResultActive=yes
>
> I don't think that stanza is relevant here, because it's about "system" or "internal" disks. udisks2 has a concept of whether a disk is "system" or not: see the source code for full details, but a short version is that internal HDDs/SSDs are "system" and USB thumb drives are not, possibly modulo some corner cases like running your OS from a USB thumb drive.

Oh, yes, you are totally right. I always thought mounting usb drives was an Ubuntu-specific setting, but now that I look at udisks, the default for "org.freedesktop.udisks2.filesystem-mount" is in fact <allow_active>yes</allow_active>.
Marc.
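
The distinction discussed in this message, as an added example that is not part of the original post or of polkit/udisks2: a simplified model of how the quoted .pkla stanza and an action's implicit `allow_active` default combine for a user in an active local session. The policy XML is a constructed sample; only `allow_active=yes` for `filesystem-mount` comes from the thread, the `auth_admin_keep` value and the function names are assumptions.

```python
import configparser
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample of a polkit .policy file. Only allow_active=yes for
# filesystem-mount is taken from the thread; auth_admin_keep is an assumption.
POLICY_XML = """<policyconfig>
  <action id="org.freedesktop.udisks2.filesystem-mount">
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.freedesktop.udisks2.filesystem-mount-system">
    <defaults><allow_active>auth_admin_keep</allow_active></defaults>
  </action>
</policyconfig>"""

# The .pkla stanza quoted in the thread.
PKLA = """[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultActive=yes
"""

def implicit_active(action_id, policy_xml=POLICY_XML):
    """Return the action's <allow_active> default, or None if undeclared."""
    for action in ET.fromstring(policy_xml).iter("action"):
        if action.get("id") == action_id:
            return action.findtext("defaults/allow_active")
    return None

def decide(action_id, groups, policy_xml=POLICY_XML, pkla=PKLA):
    """Return (result, source) for a user in an active local session.

    Simplified: literal unix-group identities only, first matching stanza wins.
    """
    identities = {f"unix-group:{g}" for g in groups}
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case (Identity, Action, ResultActive)
    cp.read_string(pkla)
    for name in cp.sections():
        stanza = cp[name]
        ids = {i for i in stanza.get("Identity", "").split(";") if i}
        globs = [a for a in stanza.get("Action", "").split(";") if a]
        hit = any(fnmatch.fnmatchcase(action_id, g) for g in globs)
        if hit and ids & identities and "ResultActive" in stanza:
            return stanza["ResultActive"], "pkla:" + name
    # No local-authority override: the implicit default from the policy applies.
    return implicit_active(action_id, policy_xml), "policy default"
```

For a user outside the admin and sudo groups, `decide("org.freedesktop.udisks2.filesystem-mount", ["users"])` falls through to the policy default, which is why the stanza does not govern mounting of non-system drives.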
