Re: How do we store/install apps?

[Alexander Larsson <alexl redhat com>]

On fre, 2014-10-10 at 14:26 +0200, Alexander Larsson wrote:
> On fre, 2014-10-10 at 05:10 -0700, Greg KH wrote:
> > On Fri, Oct 10, 2014 at 01:52:05PM +0200, Alexander Larsson wrote:
> > > * Don't pass untrusted data to the kernel. For instance, it is risky
> > >   to download raw filesystem data and then mount that, or mount a
> > >   loopback file that the user can modify. The raw filesystem data is
> > >   directly parsed by the kernel and weird data there can cause kernel
> > >   panics.
> >
> > If that happens, the kernel is doing something wrong, and needs to be
> > fixed :)
> >
> > Seriously, if you know of any such bugs, please let the kernel
> > developers know and they will be fixed, just like we've fixed this same
> > type of bug many many times in the past.
> >
> > So don't worry too much about this one, it shouldn't be an issue.
>
> Sure, it *should* not happen. But empirically it does. For instance
> there was this recent mail:
>
> https://lists.fedoraproject.org/pipermail/devel/2014-October/203101.html
>
> Where light fuzzing of a btrfs filesystem caused pretty bad behaviour in
> many cases. I also know people who had similar issues with btrfs on
> usbdisks that where bad.
>
> Can you imagine instead of random fuzzying someone was actively trying
> to attach the kernel code by creating creative invalid file systems.
> These codepaths are *not* well tested or reviewed...

Also, your own comment "just like we've fixed this same type of bug many
many times in the past" makes one less than confident...