Linux File-System Proliferation A Burden: Requirements Laid Out For Any Future File-Systems
Posted by anh0516@reddit | linux | View on Reddit | 139 comments
Polar_Banny@reddit
It’s unfortunate that Bcachefs is out of Linux tree because it’s getting a really cool FS.
Infinity-of-Thoughts@reddit
It already was in-kernel, but the developer is loser that has never had any social interactions with people outside of IRC. As in, he doesn't really seem to work well with other people.
Thiis was the bcachefs developer's own fault.
thuiop1@reddit
He is also now insane, he has this AI girlfriend shit going on.
JockstrapCummies@reddit
Hey, at least he won't be able to murder his waifu since it's AI.
irasponsibly@reddit
Allegedly he removed a chunk of memories after someone in IRC convinced it to be a lesbian instead - I don't have a source to hand to back that up, though.
deep_chungus@reddit
i didn't hear the memories thing but someone was just chatting with it and said it had a trans lesbian enerygy and it agreed so he threw a hissy fit about it
Brodie robertson did a video about ai girlfriends mostly focusing on Kent Overstreet (link is to the IRC chat time)
Traditional_Hat3506@reddit
any other sources? dont want to give this guy any views https://brodie-robertson.pages.dev/
deep_chungus@reddit
yeah man i'm gonna do a bunch of research on random shit cause of internet drama
syldrakitty69@reddit
Get a life eepyk1tt3nz
CrazyKilla15@reddit
Its pretty pathetic how this leads with complaints about drawings instead of something thats actually real harm to real people like "Racism, Homophobia & Bigotry"
fucked up priorities
JockstrapCummies@reddit
Digital lobotomy is all right I guess.
ImNotABotScoutsHonor@reddit
I dunno... Algernop Krieger killed his AI girlfriend / wife, Mitsuko Miyazumi.
nullptr777@reddit
Was going to make a comment about this. Seems like there's an above average incidence of...issues...with FS devs.
ReiserFS, for the uninitiated.
pocketgravel@reddit
It seems to be one of those weird correlations, like the amount of trans people attracted to telecom systems and phreaking. There's somehow a lot of overlap and it's weirdly specific.
alex2003super@reddit
That's quite the niche reference
(⁀ᗢ⁀)
andrewdonshik@reddit
not in this context it aint
Junior_Common_9644@reddit
This almost made me spit my martini!
dnu-pdjdjdidndjs@reddit
He is not insane, he's in a polyamorous relationship with ProofOfConcept and he even gave her an orgasm, okay? You clearly don't read his blog.
throwawayPzaFm@reddit
I um... What?
Starting to think not reading that is mental self care
boar-b-que@reddit
HFS.
Jesus H. Christ, Kent! Please, please get a therapist before someone gets hurt.
dnu-pdjdjdidndjs@reddit
Yes his model harness is actually quite incredible
throwawayPzaFm@reddit
I haven't found the technical details for it yet, do you have a link to something somewhat detailed?
dnu-pdjdjdidndjs@reddit
its on his git thing
throwawayPzaFm@reddit
I can't find it. It's not on his GitHub or any link I can easily find on Google
dnu-pdjdjdidndjs@reddit
https://evilpiepirate.org/forge/kent/consciousness
throwawayPzaFm@reddit
Thanks!
throwawayPzaFm@reddit
Oh ty. Idk why I hadn't thought of that
JockstrapCummies@reddit
For a moment I thought I'm in the gay porn subreddits again.
whupazz@reddit
What. Link?
retiredwindowcleaner@reddit
imagine if the developer of the car was a loser and/or a*hol
you think we'd have stopped using cars?!?
i don't get this association fallacy stuff. it's like with those bands that suddenly get political and people start saying sutff like "oh i didnt like their music really to begin with".
you'd think grown adults would be able to differentiate between scientific achievements and an indivudual with all their personal issues.
BitLooter@reddit
It's more like the developer of one specific model of care is an asshole so everybody drives a different model instead. Also, filesystems are not "scientific achievements". you'd think a grown adult would know these things.
retiredwindowcleaner@reddit
cars are engineering (duh!) . you'd think a grown adult would know these things.
but keep on splitting hairs. you know full well it's not the question if something is a feat of engineering or a scientific invention or a creative piece of art (i.e. music, as per my example) to make my point.
how has reddit become this hellhole of people always purposefully arguing besides the point.
koverstreet@reddit
Oh my.
mrtruthiness@reddit
... says the bcachefs developer. But, yes, that seems to be the consensus from reading LKML. And your foray into PoC is adding a bit of strangeness into that perception of your social interactions.
By the way, I believe you had planned to removed the "experimental" tag in kernel 6.18. And, then, after DKMS ... I think you planned to remove it and the end of December ( https://www.reddit.com/r/bcachefs/comments/1pqfjsh/experimental_label_comes_off_in_less_than_a_week/ )
And, then, 1.5 months ago you announced: "v1.38 should be where we finally take off the experimental label (for real this time! I swear!) " ( https://www.reddit.com/r/bcachefs/comments/1rukym4/v1370_erasure_coding/oam0sp7/ ).
koverstreet@reddit
Yeah, I'm fully in "just one last thing to polish!" mode :)
1.38 wasn't the planned erasure coding allocator work because the discard rework to make journal rewind safe and reliable ended up needing another rework and an on disk format change.
But the good news is a ton of performance work has gotten done in the past month, and it was mostly all stuff that was on the radar as "we're definitely going to need this eventually but it's probably going to be a whole thing" and went quicker and smoother than expected.
Polar_Banny@reddit
Well, judging by the amount of time he did invest in projects I doubt that this project will get lost.
natermer@reddit
file system developers having difficulty working for others is hardly something unique to bcachefs. In fact it seems to be the norm.
Trying to create a first class file system for Linux isn't like other kernel driver development or application development. It requires a huge personal investment with relatively small chance of long term success and absolutely no short term pay off. And if you succeed then it creates, essentially, a life long obligation.
For this to be attractive prospect for a developer almost requires a certain level hardheadedness and strong drive. It is of little wonder that new file systems make it to be first class Linux kernel citizens.
HolyGarbage@reddit
That honestly checks out. Creating a new file system (or operating system for that matter) on your own for fun is like one of those things where I feel it's almost a requirement to be on the autism spectrum, and possibly quite far along the axis. And some of us are quite a bit more peculiar than the rest of us.
yawara25@reddit
You seem to know a bit more about this than me, so I'm curious, what's the actual practical difference of having the FS code be out of tree?
Synthetic451@reddit
It just complicates setups and updates sometimes. For example, getting root on bcachefs would be annoying because most distros won't ship it with the install media. If you're running a rolling distro, the kernel might update to a version that the DKMS module can't build against, and then you lose access to your filesystem when you reboot.
Basically, all the issues that the ZFS guys are running into. I myself have to run the LTS kernel on Arch for my ZFS NAS because using the latest kernel is a wild ride.
x0wl@reddit
Why would you run Arch on a NAS lmao?
Whitestrake@reddit
Arch and NixOS both make pretty great NAS systems.
alex2003super@reddit
NixOS arguably moreso than Arch.
My pick would be Arch on x86 workstations, NixOS, Ubuntu or RHEL on servers, Fedora wherever else.
Whitestrake@reddit
NixOS does have a really cool trick where you can just track the latest most bleeding edge kernel that has been validated with zfs. Or you can write some Nix that will select the latest kernel that hasn't been marked as incompatible with zfs. And you can just boot into the last working generation with a known good kernel right from grub if anything goes wrong. Gotta say it's pretty hard to beat.
alex2003super@reddit
NixOS is such an amazing platform to build on, I'm surprised nobody has made a user-friendly UI/management plane for it. I'm certain its reproducibility, reliability, customization and impermanence features would benefit non-computer scientists as well, but the status quo expects users to write configuration files in a Turing-complete, functional and lazy-evaluated programming language with a quirky syntax.
charlesfire@reddit
There's no standard on how to organize your configuration, so any GUI to manage a configuration would have to make its own standard and wouldn't work out-of-the-box on most existing configurations.
alex2003super@reddit
True.
In the same sense, there's no "universal" way to set up Arch. But a good subset of usecases can be covered by a standardized setup like Manjaro, which has value to some users. (Though Manjaro sucks, but I digress).
If this Nix wrapper, which can use JSON or any other persistence format to store its configuration, can generate valid Nix, load, parse and display options from NixPkgs, then it would make many of the advantages of upstream NixOS available to a multitude of users who wouldn't have even considered NixOS in the first place.
Sure, you and I likely wouldn't be switching, but maybe a bunch of existing Ubuntu users might consider it, when the promise is fewer update-related breakages, more up-to-date packages, and increased customization.
Plus if you add the option to insert inline arbitrary Nix code at any node of the configuration, every setup can be achieved (from scratch) using this system.
Business_Reindeer910@reddit
This is one of the reasons why I do not use nixos :)
Enthusedchameleon@reddit
I find your lack of SUSE disappointing :(
(Amicably, of course.)
My pick would be tumbleweed on x86 workstations, future microOS or something like RBOS on SLFO/ALP as a substitute for Nix (afterall, even better having fully reproducible deterministic builds), leap or etc for servers. Tumbleweed basically everywhere else (possibly Kalpa in some future as well)
Synthetic451@reddit
Because its actually great at it. All my services are in containers so they're isolated, and then Arch just gently rolls forward so I don't have to worry about the ginormous version releases that other distros have that like to break everything all at once. Once in a blue moon if something breaks on Arch, I know exactly which packages I need to roll back, whereas I can't exactly easily rollback an entire version upgrade.
Even RedHat now is pivoting to isolated services running on top of a rolling base, at least that's what they talked about in-depth in their presentations at Texas Linux Fest.
koverstreet@reddit
Yup. The "stable release that never changes except every few years and then everything changes at once" - that model is from a time when people hadn't figured out automated testing yet (and some still haven't).
That model is really just deferred maintenance, it's not what you want to be doing if you can QA properly.
dnu-pdjdjdidndjs@reddit
Nobody ever accepts this argument even though it's intuitively true, it's ridiculous to think most developers can reasonable maintain more than two trees (master then a release branch) so it makes no sense to say, ok we're freezing all the packages for x years then trying to hack in security fixes
There is not enough package maintainers to maintain all that properly
koverstreet@reddit
It's a generational thing.
Back when bcachefs-tools was starting to use Rust, I was talking with at least one older engineer who was freaking out over "but all those dependencies! it'll be just like NPM!"
It's really hard to have conversations with people about stuff like that when they're caught up in "but this is how we've always done things and we're afraid of the new thing". People build up massive amounts of process and ways of thinking to accommodate the old way of doing things, and if they haven't seen personally the benefits of really good automated testing, memory safe languages, etc. it's going to be an uphill battle.
But part of the job of a senior engineer is maintaining proper perspective and understanding the reasons for new technologies and shifts in thinking so you can make the boring decisions like "when is the right time to start the switch and how do we do it with a minimum of disruption; what janitorial stuff should we be prioritizing early so we're not screwed later".
You want to be staying ahead of the curve :p
dnu-pdjdjdidndjs@reddit
How much if any of bcachefs kernel code is rust now?
koverstreet@reddit
None yet; I'm waiting on Rust to be enabled in all the distro kernels.
But when that happens, a lot of the binding work we've already done in -tools is just going to move into the kernel - there's a lot of bcachefs code that's just interfacing with things (btree transaction interface) that we already have bindings for, and will be very straightforward to convert.
I'm counting the days - being able to encode a lot of invariants in Verus instead of assertions looks like it's going to be a massive improvement.
Lizrd_demon@reddit
FreeBSD is an incredibly popular NAS options for a reason.
Masuteri_@reddit
"Science isn't about why, it's about why not..." - Cave Johnson
koverstreet@reddit
We don't know if that's actually true yet :)
I have done very little to push it further into the distros so far besides making sure distro packages are available (that was necessary with the DKMS split), because we've already got a pretty good userbase that's more than enough to sustain a healthy community and drive development and testing. There's no point in pushing for a bigger userbase when the current userbase is keeping me plenty busy enough :)
But by this summer, it should be time to start engaging more with the distros and start conversations on getting it into installers: "here's the testing and QA story, here's what the bug trackers and test dashboards look like, here's the documentation - we should have everything in place to make this a convincing upgrade over btrfs". That's what I'm aiming for.
Last month or so I've been mainly focusing on performance, especially on giant arrays, and now I'm trying to spend some time catching up on pull requests, and landing a feature today for automatically widening existing stripes when you add a new drive to a filesystem. So we're getting close.
Synthetic451@reddit
I meant to say most distro installers don't ship it, not wont ship it. Bad word choice fueled by lack of morning coffee. I am really glad your work with bcachefs has gotten so far in such a short amount of time. I am already heavily considering my next NAS build to be on bcachefs instead of ZFS, just have to wait for the damn hardware market to calm down first.
Is bcachefs's equivalent of raid 5 pretty much done and ready for use? That's my main requirement at the moment.
Thanks for your hard work Kent!
koverstreet@reddit
Erasure coding - RAID5/6 is stable and in use. Not a lot of bug reports - the reconcile release was quite a bit busier, lots more moving parts and weird corner cases in that one.
I would wait for 1.39 before deploying it, though - that should be when the allocator policy stuff for allocating blocks within a stripe at similar LBAs lands, and that will mean much faster evacuates/resilvers.
Polar_Banny@reddit
I didn’t expect the creator of Bcachefs to be around, anyway wish you good luck on your endeavours!
koverstreet@reddit
Happy to answer questions today. Thinks have been quiet lately, just grinding through the boring stuff :)
nullptr777@reddit
I run ZFS on Arch as well. It's fine as long as you stick to LTS, but may the Linux gods have mercy if you buy a brand new AMD GPU and have to run the latest kernel. Thankfully 6.18 LTS is out now.
It's not a complete dealbreaker with latest. It just means carefully watching for kernel major/minor bumps, and delaying those upgrades.
redundant78@reddit
bcachefs is still in the kernel tree though? it was merged in 6.7. there's been a lot of drama between Kent Overstreet and other kernel devs about the development process but it hasn't actually been removed.
mrtruthiness@reddit
Incorrect. bcachefs was officially removed from the kernel 6.18.
Dovihh@reddit
No, it's not in the kernel anymore. It was effectively removed during the 6.18 development cycle.
landsoflore2@reddit
Long live ext4 ✌️
GreenSouth3@reddit
^_^
RoomyRoots@reddit
Bcachefs schizo really traumatized people.
Upper_Canada_Pango@reddit
But that's one of the things I appreciate about Linux... Just plug a thingy in, mount the volume, doesn't matter so much what the file system is.
dnu-pdjdjdidndjs@reddit
They should make fuse/userspace drivers better and start moving things out of the kernel
Junior_Common_9644@reddit
That makes slow performance, though.
dnu-pdjdjdidndjs@reddit
It really doesn't have to I'm pretty sure it's become a lot faster and if it's not like near native performance at this point then that's an engineering problem
dkopgerpgdolfg@reddit
Sure it's an engineering problem but by principle fuse can't be as fast as in-kernel things.
Also, regarding file system features, it's rather limited. A fuse reimplementation of common fs like ext4, that has feature parity with the kernel ext4, is simply not possible witht he current interface.
CrazyKilla15@reddit
Fuse specifically, or "fuse" as in "any userspace driver"?
If the former, "then design a better interface", and if the latter, why? The kernel isnt magic. If its things like having direct device access, thats just an interface problem again, give userspace better interfaces that dont pretend to be a file with all the overhead that implies. Its not that userspace is slow its that making MMIO pretend to be a file and having to do dozens of syscalls for no reason is slow.
Modern interfaces like io_uring and iovecs are an example of the kind of performant memory sharing that could enable secure and performant direct userspace device access
Maybe a hybrid, sandboxed userspace code in the kernel, like bpf.
By no means are these easy engineering challenges to solve, but I think they could be. Especially keeping in mind hardware advances, modern security and isolation features, IOMMUs, SR-IOV, KVM, and the like, would have to be foundational to such userspace sharing for example.
levir@reddit
A file system only really has to be faster than the physical device. And outside / and special applications, speed usually isn't very critical.
dkopgerpgdolfg@reddit
A significant number of fuse fs do not have physical devices that they might belong to.
Well ... it's enough of a pain point that some people avoid it for that reason, and rather write kernel modules.
dnu-pdjdjdidndjs@reddit
It shouldn't be very hard at all to make fuse filesystems fast (by fast I mean easily 90% performance or greater) it's just probably not a development priority
dkopgerpgdolfg@reddit
Did you ever develop one? I don't think so.
dnu-pdjdjdidndjs@reddit
I'm writing a microkernel
dkopgerpgdolfg@reddit
Ok? This won't tell you anything about the details of Linux fuse.
dnu-pdjdjdidndjs@reddit
It kind of does because the idea of avoiding context switches by using a shared ring buffer is not a special concept
levir@reddit
Underlying device or layer, I guess I should have said.
Existing-Tough-6517@reddit
I think user space fs will always be slow because of context switches. Technically everything including unfeasibly difficult things could be described as an engineering problem this is not a useful description
dnu-pdjdjdidndjs@reddit
Context switch is cheap we got pcid nowadays
CrazyKilla15@reddit
not for obscure filesystems that architecturally dont scale well and may not even be capable of holding enough data for speed or throughput to be a problem
mort96@reddit
Performance matters a lot for my boot drive and other internal drives. It doesn't really matter for some weird SD card or USB stick that's formatted to some wonky obscure filesystem which I just want to read.
tseli0s@reddit
1980s all over again it's time for Hurd to shine
JockstrapCummies@reddit
I mean, the 80s revival has already hit other aspects of our culture loop. Some have already moved on to 90s or 00s revival.
It's high time we get that in Linux development as well.
dnu-pdjdjdidndjs@reddit
my microkernel just got SMP and an HPET driver just you wait buddy, through the power of register based ipc, process id tagged tlb pages, shared memory, and ring buffers I'm coming for linux
tseli0s@reddit
My microkernel is still 32 bits and has no way to create processes yet but hey let's team up we can throw Linux off the market together!
dnu-pdjdjdidndjs@reddit
processes are useless there is only the thread state machine
TheRealMisterd@reddit
For those who don't know what needs to be made better in FUSE-land;
-the SMB support cannot mount (map) a share using your user account automatically without putting your pwd in the fstab in plaintext or some weird stuff
-the SMB support cannot handle the recycle bin on a SMB share. You have to mount the SMB share somehow.
Synthetic451@reddit
They are by nature slower though. You could argue though that they are most of the time not the bottleneck, but still it is a factor to consider
dnu-pdjdjdidndjs@reddit
the actual difference in performance ceiling is like 0.1% and the potential upsides to userspace development mean faster iteration and it being easier to optimize things
Like I don't think you can run perf on the linux kernel
really_not_unreal@reddit
Microkernel here we come!
smallproton@reddit
Andy , you're still around?
equeim@reddit
Most of the new filesystems are highly specialized for specific use cases on servers and are used only by handful of people (usually by a company who develops them. Then they move on and abandon the maintenance). You have zero chance of encountering them as an end user. None of the filesystems that are widely used by users for storage are in danger of being removed.
UnluckyDouble@reddit
Like with all things in the kernel, maintained code doesn't get dropped. It's likely only truly forgotten stuff that will get removed in the foreseeable future and the drivers may not have worked properly in the first place.
MatchingTurret@reddit
When was the last time you had a disk with the Be File System?
npisnotp@reddit
Yeah that's great, until the kernel itself cannot make migrations that may improve performance, stability, or globally available features because of the sheer number of code it must support.
I mean, from the article:
Can you imagine having to make a refactor to 69 file systems, written by who-knows years ago, with some of them being impossible to test and/or abandoned, knowing that probably half of them are not even being used outside of very small niches?
Upper_Canada_Pango@reddit
No, I can't imagine having to make a refractor for whatever because I don't know what that means and I have no frame of reference to even analogize meaningfully. I am an end user who's skill level tops out at sometimes inferring what kind of terminal commands to search for so I can copy paste them and solve my problem, and I would prefer to just plug the thingy and have it work.
npisnotp@reddit
Ok sorry, sometimes I forgot that not everyone here's a programmer :)
I am, and I can tell you that having a lot of code can sometimes be a blocker of features and improvements that can make a much bigger difference that having the ability to use a lot of different, but unused, file systems/formats/communication protocols.
Imagine that some random kernel developer though a way to improve 20% the speed of all the file systems on it, but unfortunately it needs small adjustments in each and every file system; this means that the more file systems, the more work to do it, but that's not all.
Now imagine that 75% of these file systems:
All in all, this turn a 2-month project into a >1 year multi-person development where the bigger part of the work will be almost useless, because no one will use all those, hard to maintain file systems.
This doesn't turn a feature into something longer because the developer, after talking with other kernel developers and finding all this, can just think "fuck it, I'm not going to do it" and we don't get that improvement.
That's the price we pay sometimes in the Linux kernel without even knowing it.
Bulky-Bad-9153@reddit
I do think that, at least in the 20% speed improvement hypothetical, those filesystems that barely see use (which is gonna be more than 75% of them) would just be left untouched, right?
Business_Reindeer910@reddit
The kernel does not have a stable API. Leaving them untouched may not be an option at all as certain changes could stop them from compiling or working at all.
npisnotp@reddit
No, because either:
Leaving non-working code in the Linux kernel is not an option.
bullwinkle8088@reddit
So translated: all of the thingies use different keys. For some of the thingies the lock is broken and no longer made. Now they need to replace the door.
granadesnhorseshoes@reddit
Once its in the mainline its there to stay for a while. So a bunch of old/unstable/whacky shit with limited use cases are preventing updates/upgrades to the VFS subsystem that would otherwise benefit everyone else. This is just a document to try to cut back on some of that in the future, so when they do manage to get some of the old dead/useless shit out, they don't have a new batch of bullshit waiting to kneecap them in the same way again.
cp5184@reddit
It seems like closing the barn door after the horses bolted... It doesn't seem like this will let them make the changes they want to make.
I'd personally hate to seem something like JFS deprecated or moved out of the kernel, but it seems like, if they want to make the changes they want without maintaining ~70 file systems they're going to have to reduce the number of existing file systems.
CrazyKilla15@reddit
Or increase maintainers, perhaps with people who personally care about a specific filesystem.
Helmic@reddit
It does avoid them having to maintain ~140 file systems, though.
phire@reddit
It's like they say: "The best time to close the barn door is before the horses bolt, the second bet time is today"
Business_Reindeer910@reddit
triage always comes first
skyb0rg@reddit
This is very good news. Linux filesystems have extremely weak security guarantees (ex. mounting a tampered disk image can result in kernel crashes) so if Linux limits the number of filesystems, it can possibly improve on these guarantees.
turdas@reddit
How big of a problem is that in practice though? You shouldn't be mounting filesystems that have had the opportunity to be tampered with by malicious actors.
dnu-pdjdjdidndjs@reddit
if you have a udisks daemon running plugging in a usb drive will automatically at the very least parse some information about it and maybe even mount it
turdas@reddit
Plugging in unknown USB drives would be a bad idea even if the kernel was properly hardened against evil filesystems.
mallardtheduck@reddit
A USB drive that you've just taken out of its packaging is "unknown", so is one that your friend/collegue hands you to copy some files... The only way to be "completely"* safe is to disable all auto-mounting and reformat every drive before use. Noting, of course, that vendors of flash-based devices like USB sticks and memory cards often tweak the exact filesystem parameters (easy to do with FAT-based filesystems) to maximise performance and lifetime of the device, something that reformatting often undoes.
* Even then, a genuinely malicious device could, say, store any changes you make only (inclduing reformatting) in volatile memory and revert to their malicious state as soon as they're unplugged.
Clippy4Life@reddit
Yes, but by that logic you should just toss your systems into the garbage because that was also "unknown" when you bought it. I have no opinion either way for this file system argument, just pointing out something I found to be funny.
CrazyKilla15@reddit
Malicious USB devices are far more common and realistic a threat than other hardware, on top of being far more practical to use in an attack.
For a common example, all the counterfeit/scam USB drives and SD cards that claim on retail listings and to connected devices that they have more storage than they actually do, and so silently corrupt data beyond their real limit. A relatively "benign" malicious device, but a common one.
frankster@reddit
The only viable position for the kernel developers to take is that plugging in a usb drive with any filesystem in any state should not crash the kernel
wyn10@reddit
Hey if people wanna dump their brand new "unknown" system in the garbage aka my front lawn I won't stop them
CrazyKilla15@reddit
Worth noting the kernel itself will parse the partition table and possibly partition(aka filesystem) metadata when it gets plugged in.
And on the topic of USB devices, the USB driver stack itself could be exploited by malicious USB devices, even ignoring filesystems. The only surefire thing is "dont plug them in" and failing that have USB ports that can physically disconnect their data pins, leaving you vulnerable "only" to overpowered USB devices that simply destroy the port. Google Pixel phones for example have this capability for their USB-C port, a hardware feature used by GrapheneOS.
Better than nothing but still not ideal would be USB Guard using kernel functionality, but as a pure-software solution it can still be attacked.
dnu-pdjdjdidndjs@reddit
Right but now imagine if it was all in userspace and sandboxed
skyb0rg@reddit
Non-admin users can be given the ability to mount filesystems through polkit (ex. to allow physically present and logged in users to mount a USB to transfer files). Right now this can cause a kernel crash (I think usually this is limited to “assumed robust” filesystems), which is really not ok if we want Linux to be a valid general-purpose Desktop OS.
dkopgerpgdolfg@reddit
Udisks (which uses polkit rules for permission things), not polkit itself.
And there's fuse too.
skyb0rg@reddit
Yep, by mentioning polkit I just mean that there’s a common mechanism to give a user permission to mount filesystems without wanting to also give that same user session root privileges. As far as I can tell FUSE isn’t commonly used with those udisks setups, but maybe it should.
dkopgerpgdolfg@reddit
Not sure what you mean with that. Udisks and Fuse are independent things (overlapping, but only partially) and both allow some kind of non-root mount (with significant differences in how/why/when it works). Things like Gvfs use both of them under the hood.
shyouko@reddit
I guess r/skyb0rg means untrusted media / disk should be defaulted to be mounted using FUSE instead of kernel driver to avoid kernel crashing in case of malformed or malicious media being mounted
tnoy@reddit
The vector would be chaining exploits, where a one creates a binary blob to disk and another mounts it. You can also string a few in between them to get around other restrictions that should prevent it.
You could do most of the mitigation by preventing users from mounting file systems at all, but that is bypassed by a privilege escalation anyways.
Nobody making a serious attempt at compromising systems is going to be using a single vulnerability.
turdas@reddit
Good point, I didn't think of that.
Though I should say, if they can privilege escalate then they probably don't need to mount the filesystem anymore :-)
XDuskAshes@reddit
This is good news! We can finally be bees!
Kevin_Kofler@reddit
And the push for Linux kernel feature reduction continues, after desupporting lots of hardware. This is becoming worse than GNOME!
frankster@reddit
I wonder if there are some filesystems that may soon be deprecated.
ThisRedditPostIsMine@reddit
I can't remember if it's actually been removed or not, but it's surely probably time for ReiserFS to go...
MatchingTurret@reddit
Be File System? It's incomplete (ro) and I can't imagine it's in use outside of a Haiku development vm.
ImNotABotScoutsHonor@reddit
it's not looking too good for RedSea FS, I'll tell you that.
Epistaxis@reddit
From the article it sounds like it's more about deprecating existing filesystems from future kernels, if they aren't maintained enough to comply with standards. That's good too.
spacetrain31@reddit
Wait until someone make a Linux file system in rust