by Filligree
3335 days ago
> To avoid a crash, users can mount potentially malicious filesystems in userspace, i.e. users can run kernel drivers like ffs outside of the kernel. This feature comes from a non-Linux kernel. I have read this may be able to work on Linux too but I have never tried it.

Linux has FUSE for this, but...

- A lot of filesystems don't have FUSE drivers. You can't use the same kernel-mode drivers in userspace. In fact, off the top of my head, the only filesystem with both kernel-mode and userspace drivers is ZFS.
- It just reduces the threat, it doesn't eliminate it. There's no guarantee whatsoever that the FUSE kernel-side shim is invulnerable to bad inputs, though hopefully it's been audited. Something that never touches the kernel would still be preferable.