It's easier to exploit somebody's computer using a USB drive, because it can do things like pretend to be a keyboard and spoof your inputs, and because the attack surface is "every USB driver", but we have to assume a skilled attacker can do just as much damage with a DVD+R. AFAIK, no kernel filesystem driver is designed to be robust against maliciously crafted filesystems, and FUSE is not designed to be a security boundary. If you're taking security seriously you have to take the same precautions with each, e.g. disabling automount, and only mounting them in a disposable VM and accessing the files over the network.
And even this might not be enough. Is your OS's partition table code robust against malicious input? I don't think there's any way to disable reading the partition table in Linux when a new block device is detected. In this case even copying a single file to/from the raw device with dd might not be secure.
And even this might not be enough. Is your OS's partition table code robust against malicious input? I don't think there's any way to disable reading the partition table in Linux when a new block device is detected. In this case even copying a single file to/from the raw device with dd might not be secure.