[This is a link to a Mastodon infosec topic. I've completely editorialized the page title, so am posting as Tell HN instead.] [Edit: Well, I submitted it that way. HN stripped the "Tell HN:". The original page's title is pretty useless, so don't know what the proper thing to do is.]
EXT (all versions) has a filesystem flag telling the kernel to panic on FS error. In the link, Will Dormann demonstrates inserting a USB key with a malicous image and instantly rebooting the PC.
In this case, the laptop had USB auto-mounting enabled. However, I believe this should apply to any mounts against user-modifiable or -specifiable sources. NFS, FUSE, user namespaces, even local files with "-o loop" option. And the MOUNT(8) man page has this interesting tidbit:
Since util-linux 2.35, mount does not exit when user permissions are
inadequate according to libmount’s internal security rules. Instead, it
drops suid permissions and continues as regular non-root user. This
behavior supports use-cases where root permissions are not necessary
(e.g., fuse filesystems, user namespaces, etc).
EXT (all versions) has a filesystem flag telling the kernel to panic on FS error. In the link, Will Dormann demonstrates inserting a USB key with a malicous image and instantly rebooting the PC.
In this case, the laptop had USB auto-mounting enabled. However, I believe this should apply to any mounts against user-modifiable or -specifiable sources. NFS, FUSE, user namespaces, even local files with "-o loop" option. And the MOUNT(8) man page has this interesting tidbit: