Drawing lessons from fatal SELinux bug #1054350

Josh Stone jistone at redhat.com
Sat Jan 25 18:37:48 UTC 2014

On 01/25/2014 06:03 AM, Bruno Wolff III wrote:
> On Fri, Jan 24, 2014 at 20:40:28 -0800,
>    Josh Stone <jistone at redhat.com> wrote:
>> My point was not about what root can do.  Suppose there's a vulnerable
>> 'sudo' binary that gives everyone a root shell.  If that binary is
>> available on any executable path, even readonly, that's trouble.
> That isn't true. File systems can be mounted such that suid bits are 
> ignored. suid executables on such file systems are effectively just 
> normal executables.

Ok, sure, you can mount -o nosuid,noexec,nodev ... but this isn't the
default for btrfs subvolume paths AFAIK.  It needs to be a conscious
decision in whatever snapshot design we choose.

More information about the devel mailing list