----- Original Message -----
From: "Chris Murphy" lists@colorremedies.com
To: security@lists.fedoraproject.org
Sent: Thursday, 13 February, 2014 3:16:34 AM
Subject: btrfs snapshots, rollbacks
Shortish version:
On Fedora devel@, a concern has been raised regarding binaries with vulnerabilities being persistently available via Btrfs snapshots in the normal file system hierarchy. This is a request for assessing the significance of this concern, and how to mitigate it. Therefore the context is rootfs on Btrfs.
The first email bringing up the concern is here: https://lists.fedoraproject.org/pipermail/devel/2014-January/194558.html
And a possible workaround proposed here: https://lists.fedoraproject.org/pipermail/devel/2014-January/194620.html
How significant is the risk of stale binaries being persistently available in the normal file system hierarchy? Should something be done to make sure they aren't persistently available (make sure they aren't available in the mounted file system hierarchy), and if they're mounted, should noexec or nosuid be used?
As long as the old /bin and /usr/bin are not part of PATH, I'd say we've done our job. We can't protect the user from shooting himself in the foot in all cases.
The logs are a different matter; we should aim to preserve them. Dunno where journald is in this picture (binary log forward and backward compatibility).
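
Added example, not part of the original thread or of any Fedora tooling: a check for the two conditions discussed above, namely Btrfs snapshot mounts that lack nosuid/noexec and PATH entries that resolve into a snapshot. It assumes every Btrfs mount other than the listed live mount points is a snapshot; the sample mount table and the /.snapshots paths are constructed.

```python
import os

# Constructed sample in /proc/mounts format (device, mount point, type, options).
SAMPLE_MOUNTS = """\
/dev/sda2 / btrfs rw,relatime,subvolid=257,subvol=/root 0 0
/dev/sda2 /.snapshots/1 btrfs rw,relatime,subvolid=300,subvol=/snap/1 0 0
/dev/sda2 /.snapshots/2 btrfs ro,nosuid,noexec,relatime,subvolid=301,subvol=/snap/2 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
"""

REQUIRED_OPTS = {"nosuid", "noexec"}


def parse_btrfs_mounts(text):
    """Yield (mount_point, option_set) for every btrfs line in a mount table."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "btrfs":
            yield fields[1], set(fields[3].split(","))


def audit(mounts_text, path_env, live_mounts=("/",)):
    """Return (mount_point, finding) tuples for snapshot mounts.

    Assumption: any btrfs mount not named in live_mounts is a snapshot.
    """
    findings = []
    path_dirs = [os.path.normpath(p) for p in path_env.split(":") if p]
    for mnt, opts in parse_btrfs_mounts(mounts_text):
        if mnt in live_mounts:
            continue
        # Stale setuid or executable binaries stay usable without these options.
        missing = sorted(REQUIRED_OPTS - opts)
        if missing:
            findings.append((mnt, "missing " + ",".join(missing)))
        # A PATH entry inside the snapshot would run the old binaries by name.
        prefix = mnt.rstrip("/") + "/"
        for d in path_dirs:
            if d == mnt or d.startswith(prefix):
                findings.append((mnt, "PATH entry " + d))
    return findings


if __name__ == "__main__":
    for mnt, finding in audit(SAMPLE_MOUNTS, "/usr/bin:/bin:/.snapshots/1/usr/bin"):
        print(mnt, "->", finding)
```

On a live system, pass the contents of /proc/mounts and os.environ["PATH"] instead of the constructed sample.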