[This is a link to a Mastodon infosec topic. I've completely editorialized the page title, so am posting as Tell HN instead.] [Edit: Well, I submitted it that way. HN stripped the "Tell HN:". The original page's title is pretty useless, so don't know what the proper thing to do is.]<p>EXT (all versions) has a <i>filesystem</i> flag telling the kernel to panic on FS error. In the link, Will Dormann demonstrates inserting a USB key with a malicous image and instantly rebooting the PC.<p>In this case, the laptop had USB auto-mounting enabled. However, I believe this should apply to <i>any</i> mounts against user-modifiable or -specifiable sources. NFS, FUSE, user namespaces, even local files with "-o loop" option. And the MOUNT(8) man page has this interesting tidbit:<p><pre><code> Since util-linux 2.35, mount does not exit when user permissions are
inadequate according to libmount’s internal security rules. Instead, it
drops suid permissions and continues as regular non-root user. This
behavior supports use-cases where root permissions are not necessary
(e.g., fuse filesystems, user namespaces, etc).</code></pre>