[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Filesystem mounts in user namespaces

Filesystem mounts in user namespaces

Posted Aug 6, 2015 16:59 UTC (Thu) by nybble41 (subscriber, #55106)
In reply to: Filesystem mounts in user namespaces by Wol
Parent article: Filesystem mounts in user namespaces

> Or indeed, any hard drive ...

Sure, but unlike USB, untrusted users are rarely permitted access to a SATA or SCSI port. If the user has that level of physical access then there isn't much anyone can do—they could replace the entire system if they wanted—but a Linux-powered kiosk in a public place should be able to read and write user-provided USB storage devices (or SD cards, etc.) without major security issues due to assumptions in the filesystem layer.

to post comments

Filesystem mounts in user namespaces

Posted Aug 6, 2015 18:35 UTC (Thu) by raven667 (subscriber, #5198) [Link] (3 responses)

That may not be practically achievable because it requires a large body of code to be perfect, which will never happen, given that you can't make a large body of code perfect, what's your next plan for containing the risk? How about a small system which handles the USB and filesystem that passes just the file data over an internal network to the main system, so the actual attack vector against the main system is that file passing network interface which can be made much simpler than all of USB and filesystem drivers.

In most cases people will just eat the risk and deal with the fact that kiosks can be broken into if you try, putting a keylogger on the kiosk might not even reduce its usability such that the owner even cares, certainly not enough to pay more money to increase security.

Filesystem mounts in user namespaces

Posted Aug 7, 2015 2:01 UTC (Fri) by nybble41 (subscriber, #55106) [Link] (2 responses)

> How about a small system which handles the USB and filesystem that passes just the file data over an internal network to the main system...

You mean like a microkernel? Kidding aside, this wouldn't be too hard to do with User-Mode Linux and FUSE. I think there is already a project to allow FUSE mounts of any supported filesystem with UML; it just needs support for disk images backed by libusb.

Filesystem mounts in user namespaces

Posted Aug 7, 2015 2:58 UTC (Fri) by raven667 (subscriber, #5198) [Link]

> You mean like a microkernel?

Haha, we are already well into microkernel territory when we talk about VMs or containers. The whole idea of microkernels is to use the hardware memory protection to enforce separation between services, which is what VMs and containers do, rather than any specific implementation. You could break the system into sections for hardware interaction, sections for user interaction and backend data storage with VMs to enforce the separation.

Filesystem mounts in user namespaces

Posted Aug 7, 2015 15:56 UTC (Fri) by ewan (guest, #5533) [Link]

>You mean like a microkernel?

If you're building a real kiosk it could even be hardware. Taking a photo printing kiosk for example, the USB/SD card readers could be connected to a simple device (even down to the level of an Arduino-esque microcontroller) that then transfers files over a limited interface to the real system that prints things, drives touchscreens, and takes credit card payments.

Filesystem mounts in user namespaces

Posted Aug 7, 2015 0:58 UTC (Fri) by dlang (guest, #313) [Link]

> Sure, but unlike USB, untrusted users are rarely permitted access to a SATA or SCSI port

you haven't noticed that laptops and wireless access points are shipping with external SATA ports on them. In fact, I've seen a few USB3/eSATA combined ports


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds