Re: btrfs snapshots, rollbacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 13, 2014 at 3:16 AM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
How significant is the risk of stale binaries being persistently available in the normal file system hierarchy?
 Depending on the vulnerability being fixed, up to "critical".

Should something be done to either make sure they aren't persistently available (make sure they aren't available in the mounted file system hierarchy)
Yes.
 
and if they're mounted should noexec or nosuid be used?
Probably; A possible alternative would be to mount them into /$snapshots, where $snaphosts is 0700 root-only (and protected by SELinux to only an unconfined administrator) - but without SELinux a root-owned process with no capabilities would still be able to access the files.
 
Because the snapshot is located within a mounted subvolume, it makes the snapshot's stale binaries persistently available. So restating the earlier question, is this a security risk, how significant is it, and is it worth changing the behavior?

Yes, very, and yes.  (The risk is that there is a security vulnerability in a setuid-root program, and making the vulnerable application runnable by unprivileged users keeps the vulnerability exploitable.  It doesn't matter whether the file is in PATH, or where exactly it is located, as long any process that doesn't have the privileges of an unconfined system administrator can access it.)
    Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux