Drawing lessons from fatal SELinux bug #1054350
jistone at redhat.com
Sat Jan 25 18:37:48 UTC 2014
On 01/25/2014 06:03 AM, Bruno Wolff III wrote:
> On Fri, Jan 24, 2014 at 20:40:28 -0800,
> Josh Stone <jistone at redhat.com> wrote:
>> My point was not about what root can do. Suppose there's a vulnerable
>> 'sudo' binary that gives everyone a root shell. If that binary is
>> available on any executable path, even readonly, that's trouble.
> That isn't true. File systems can be mounted such that suid bits are
> ignored. suid executables on such file systems are effectively just
> normal executables.
Ok, sure, you can mount -o nosuid,noexec,nodev ... but this isn't the
default for btrfs subvolume paths AFAIK. It needs to be a conscious
decision in whatever snapshot design we choose.
More information about the devel