On 02/13/2014 03:16 AM, Chris Murphy wrote:
How significant is the risk of stale binaries being persistently available in the normal file system hierarchy? Should something be done to either make sure they aren't persistently available (make sure they aren't available in the mounted file system hierarchy), and if they're mounted should noexec or nosuid be used?
This is similar to security measurements (version status and malware scanning) on suspended virtual machines or their snapshots. I think a considerable amount of cycles has been spent on trying to address it there. The libvirt folks might already have something.
--
Florian Weimer / Red Hat Product Security Team
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security