debcrafters-packages team mailing list archive

Thread
Date

[Bug 2114945] Re: block less common filesystems by default

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <2114945@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Jun 2025 23:55:22 -0000
Reply-to: Bug 2114945 <2114945@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

mdeslaur raised some good points about ksmbd that I think are compelling
enough to remove it from this blocklist:

- it doesn't match the "insert a shady usb" attack vector
- my opinion on it might be overly shaded from 2021 status https://lore.kernel.org/lkml/202109221850.003A16EC1@keescook/#t and not reflective of the years of effort since
- it's on the way up, the others are on the way down

furthermore,

- since it's not really a filesystem in the way the others are
filesystems, even if we still decide to blocklist it in a future
release, an administrator might not "look" for it in this specific file.

Are there any other changes that we should consider before we upload
this?

Thanks

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to kmod in Ubuntu.
https://bugs.launchpad.net/bugs/2114945

Title:
  block less common filesystems by default

Status in kmod package in Ubuntu:
  New

Bug description:
  The Linux kernel supports a lot of different filesystem types. This is
  cool, it's part of what makes Linux so flexible and helped bring Linux
  to the mainstream. However, quality of filesystem implementations
  varies wildly and the upstream kernel community doesn't consider flaws
  in filesystems to be security issues: https://lore.kernel.org/linux-
  fsdevel/20250407-biegung-furor-e7313ca9d712@brauner/

  Ubuntu has decided to make it easy for users to mount filesystems, for
  better or for worse.

  The filesystems that have had less dedicated bug hunting bring
  significant risk to Ubuntu users. We can make it harder to mount these
  filesystem types without affecting most Ubuntu users through some
  simple module blocklisting. System administrators can still enable
  these other filesystem types with relatively easy efforts and everyone
  else will have reduced risk of ring 0 privilege escalation issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/2114945/+subscriptions

References

[Bug 2114945] [NEW] block less common filesystems by default
From: Seth Arnold, 2025-06-18