btrfs snapshots, rollbacks

Hubert Kario hkario at redhat.com
Thu Feb 13 12:11:50 UTC 2014


----- Original Message ----- 

> From: "Chris Murphy" <lists at colorremedies.com>
> To: security at lists.fedoraproject.org
> Sent: Thursday, 13 February, 2014 3:16:34 AM
> Subject: btrfs snapshots, rollbacks
>
> Shortish version:
>
> On Fedora devel@, a concern has been raised regarding binaries with
> vulnerabilities being persistently available via Btrfs snapshots in the
> normal file system hierarchy. This is a request for assessing the
> significance of this concern, and how to mitigate it. Therefore the context
> is rootfs on Btrfs.
>
> The first email bringing up the concern is here:
> https://lists.fedoraproject.org/pipermail/devel/2014-January/194558.html
>
> And a possible workaround proposed here:
> https://lists.fedoraproject.org/pipermail/devel/2014-January/194620.html
>
> How significant is the risk of stale binaries being persistently available in
> the normal file system hierarchy? Should something be done to either make
> sure they aren't persistently available (make sure they aren't available in
> the mounted file system hierarchy), and if they're mounted should noexec or
> nosuid be used?

As long as the old /bin and /usr/bin are not part of PATH, I'd say we've
done our job. We can't protect the user from shooting himself in the foot
in all cases. 

The logs are a different matter, we should aim to preserve them. Dunno where
journald is in this picture (binary log forward and backward compatibility). 

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
http://wiki.brq.redhat.com/hkario
Email: hkario at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
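
An added audit script (not code from the thread, Fedora, or Red Hat) for the two mitigations discussed above: it parses a constructed /proc/self/mounts-style table, flags btrfs snapshot mounts (assumed here to carry subvol=/snapshots/...) that are not mounted noexec,nosuid, and lists PATH entries that point into such mounts.

```shell
#!/bin/sh
# Constructed sample mount table in /proc/self/mounts format
# (dev mountpoint fstype opts 0 0). Snapshot 1 is mounted without
# noexec/nosuid; snapshot 2 is hardened.
SAMPLE_MOUNTS='/dev/sda2 / btrfs rw,relatime,subvol=/root 0 0
/dev/sda2 /.snapshots/1/snapshot btrfs ro,relatime,subvol=/snapshots/1/snapshot 0 0
/dev/sda2 /.snapshots/2/snapshot btrfs ro,noexec,nosuid,relatime,subvol=/snapshots/2/snapshot 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Print mount points of btrfs mounts whose subvolume path looks like a
# snapshot (assumed layout subvol=/snapshots/...) and whose options lack
# noexec or nosuid. Reads the mount table from stdin.
snapshot_exec_mounts() {
    awk '$3 == "btrfs" && $4 ~ /subvol=\/snapshots\// {
        if ($4 !~ /(^|,)noexec(,|$)/ || $4 !~ /(^|,)nosuid(,|$)/) print $2
    }'
}

# Print PATH entries that live under any of the given mount points.
# $1 = PATH-style string; mount points are read from stdin, one per line.
path_entries_in() {
    path="$1"
    while IFS= read -r mp; do
        [ -n "$mp" ] || continue
        printf '%s\n' "$path" | tr ':' '\n' | while IFS= read -r dir; do
            case "$dir" in
                "$mp"|"$mp"/*) printf '%s\n' "$dir" ;;
            esac
        done
    done
}

# Full audit: $1 = mount table, $2 = PATH. Returns 0 only when no snapshot
# is executable and no PATH entry points into a snapshot mount.
audit_snapshots() {
    mounts="$1"; path="$2"
    flagged=$(printf '%s\n' "$mounts" | snapshot_exec_mounts)
    in_path=$(printf '%s\n' "$flagged" | path_entries_in "$path")
    [ -z "$flagged" ] && [ -z "$in_path" ]
}

# Run against the live system: audit_snapshots "$(cat /proc/self/mounts)" "$PATH"
```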

