----- Original Message -----
> From: "Chris Murphy" <lists@xxxxxxxxxxxxxxxxx>
> To: security@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Thursday, 13 February, 2014 3:16:34 AM
> Subject: btrfs snapshots, rollbacks
>
> Shortish version:
>
> On Fedora devel@, a concern has been raised regarding binaries with
> vulnerabilities being persistently available via Btrfs snapshots in the
> normal file system hierarchy. This is a request for assessing the
> significance of this concern, and how to mitigate it. Therefore the context
> is rootfs on Btrfs.
>
> The first email bringing up the concern is here:
> https://lists.fedoraproject.org/pipermail/devel/2014-January/194558.html
>
> And a possible workaround proposed here:
> https://lists.fedoraproject.org/pipermail/devel/2014-January/194620.html
>
> How significant is the risk of stale binaries being persistently available in
> the normal file system hierarchy? Should something be done to either make
> sure they aren't persistently available (make sure they aren't available in
> the mounted file system hierarchy), and if they're mounted should noexec or
> nosuid be used?

As long as the old /bin and /usr/bin are not part of PATH, I'd say we've done
our job. We can't protect the user from shooting himself in the foot in all
cases.

The logs are a different matter, we should aim to preserve them. Dunno where
journald is in this picture (binary log forward and backward compatibility).

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
http://wiki.brq.redhat.com/hkario
Email: hkario@xxxxxxxxxx
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
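An added example, not part of the original thread: a shell check for the two conditions discussed above, namely whether separately mounted snapshots carry `nosuid` and `noexec`, and whether any `PATH` entry points into the snapshot tree. The `/.snapshots` location, the subvolume names and the sample mount table are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format. The /.snapshots layout and
# the subvolume names are assumptions, not taken from the thread.
SAMPLE_MOUNTS='/dev/sda2 / btrfs rw,relatime,subvol=/root 0 0
/dev/sda2 /home btrfs rw,nosuid,nodev,relatime,subvol=/home 0 0
/dev/sda2 /.snapshots/pre-update btrfs rw,relatime,subvol=/snapshots/pre-update 0 0
/dev/sda2 /.snapshots/2014-01 btrfs ro,nosuid,nodev,noexec,relatime,subvol=/snapshots/2014-01 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0'

# audit_snapshot_mounts ROOT < mount-table
# Prints "<mountpoint> missing:<options>" for each btrfs mount at or below ROOT
# that lacks nosuid and/or noexec. Snapshots that are only visible as
# directories inside another mounted subvolume have no mount entry of their
# own and inherit that mount's options, so they never show up here.
audit_snapshot_mounts() {
    awk -v root="${1%/}" '
    $3 == "btrfs" && index($2 "/", root "/") == 1 {
        n = split($4, opt, ","); has_nosuid = 0; has_noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nosuid") has_nosuid = 1
            if (opt[i] == "noexec") has_noexec = 1
        }
        miss = ""
        if (!has_nosuid) miss = "nosuid"
        if (!has_noexec) { if (miss != "") miss = miss ","; miss = miss "noexec" }
        if (miss != "") print $2 " missing:" miss
    }'
}

# path_entries_under ROOT PATHSTRING
# Prints every PATH entry that points at or below ROOT.
path_entries_under() {
    printf '%s\n' "$2" | tr ':' '\n' |
        awk -v root="${1%/}" 'index($0 "/", root "/") == 1'
}

# Demo on the constructed data; on a live system feed /proc/self/mounts and "$PATH".
printf '%s\n' "$SAMPLE_MOUNTS" | audit_snapshot_mounts /.snapshots
path_entries_under /.snapshots "/usr/bin:/bin:/.snapshots/pre-update/usr/bin"
```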