
Issue 787496 link


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug




cros-disks should mount iso9660 via FUSE

Project Member Reported by vapier@chromium.org, Nov 21 2017

Issue description

splitting off from issue 787303

atm iso9660 is mounted using the kernel driver.  that means people can download any file into Downloads and get it read/parsed directly by the kernel FS layer ... any bugs in that driver mean immediate kernel access.

libarchive has support for iso9660 and many common extensions:
  https://github.com/libarchive/libarchive/wiki/FormatISO9660

that means my WGU extension should be able to mount it via NaCl:
  https://chrome.google.com/webstore/detail/mljpablpddhocfbnokacjggdbmafjnon

is there any reason to keep this enabled at the OS level ?  metrics (in issue 787303) indicate this is lowish.
 
An iso9660 file isn't a supported "archive" type in Files.app, i.e. cros-disks doesn't service a request to mount a .iso file in the Downloads folder.

The current iso9660 support is for mounting a CD/DVD on an external CD/DVD drive as a filesystem.

Comment 2 by vapier@chromium.org, Nov 21 2017

gotcha, so WGU is already the way to mount an ISO image in the Files app.  we still have the same attack surface, but it's a little bit harder (burn the malformed image, then plug it in via USB).

replumbing the raw device node to chronos/Files app is probably not an improvement (due to ioctl exposure).

so is the best we can do here to move to a fuse implementation like archivemount ?
  http://www.cybernoia.de/software/archivemount/
it uses libarchive to parse iso9660 images.

Comment 3 by sashab@chromium.org, Feb 22 2018

Labels: CrOS-FilesApp-ExternalMedia

Comment 4 by sashab@chromium.org, Feb 28 2018

Labels: -CrOS-FilesApp-ExternalMedia CrOSFilesFeature-ExternalMedia
Cc: amistry@chromium.org

Is this issue still valid? We need iso9660 kernel support for physical CD disks (not images). I can't see a good way (I can see bad ways) or reason to remove it.

Summary: cros-disks should mount iso9660 via FUSE (was: drop iso9660 (CD disc images) support from default CrOS)

it's still valid in the sense that we're exposing the kernel directly to removable media which is bad for security.  we shouldn't have a system where inserting a CD-ROM into a USB drive can result in immediate & full system exploit.  i'm not saying there are any such known bugs today, but if there were, we have 0 layers of defense here.

We do this for FAT32, ext2/3/4, UDF, and HFS+. Is iso9660 any different from those?

every user that hits the kernel directly is a problem. we should have a bug per filesystem to migrate them as needed.

I started with iso9660 as I had hoped to just delete it and be done.
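
Added example (not part of the original issue or of cros-disks code): a Python audit that reads `/proc/mounts`-format text and reports, for each mount under a removable-media prefix, whether the on-disk format is parsed by an in-kernel driver or by a FUSE daemon, plus any missing `nosuid`/`nodev`/`noexec` options. The `/media/` prefix, the `fuse.archivemount` type string and the sample lines are assumptions constructed for illustration.

```python
import re

# Filesystems the thread names as parsed by in-kernel drivers for removable media
# (FAT32 appears as vfat and HFS+ as hfsplus in /proc/mounts).
KERNEL_REMOVABLE_FS = {"iso9660", "vfat", "ext2", "ext3", "ext4", "udf", "hfsplus"}
HARDENING_OPTS = {"nosuid", "nodev", "noexec"}

# Constructed sample in /proc/mounts format; not captured from a real device.
SAMPLE_MOUNTS = r"""
/dev/root / ext2 ro,relatime 0 0
/dev/sr0 /media/removable/CDROM iso9660 ro,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/removable/USB\040Drive vfat rw,nosuid,nodev,noexec,relatime 0 0
archivemount /media/archive/image.iso fuse.archivemount ro,nosuid,nodev,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit(mounts_text, prefix="/media/"):
    """Classify each mount under `prefix` by where its on-disk format is parsed."""
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        mountpoint, fstype = _unescape(parts[1]), parts[2]
        if not mountpoint.startswith(prefix):
            continue  # assumption: removable media is mounted under this prefix
        if fstype in ("fuse", "fuseblk") or fstype.startswith("fuse."):
            parser = "userspace"  # format is parsed by a FUSE daemon
        elif fstype in KERNEL_REMOVABLE_FS:
            parser = "kernel"     # untrusted media bytes reach an in-kernel driver
        else:
            parser = "other"
        options = set(parts[3].split(","))
        findings.append({
            "mountpoint": mountpoint,
            "fstype": fstype,
            "parser": parser,
            "missing_opts": sorted(HARDENING_OPTS - options),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MOUNTS):
        print(finding)
```

On a live system, pass the contents of `/proc/mounts` instead of `SAMPLE_MOUNTS`; every `kernel` row is a filesystem that would need its own migration bug under the approach proposed in the thread.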
