btrfs snapshots, rollbacks
Florian Weimer
fweimer at redhat.com
Thu Feb 13 12:15:32 UTC 2014
On 02/13/2014 03:16 AM, Chris Murphy wrote:
> How significant is the risk of stale binaries being persistently
> available in the normal file system hierarchy? Should something be done
> to either make sure they aren't persistently available (make sure they
> aren't available in the mounted file system hierarchy), and if they're
> mounted should noexec or nosuid be used?
This is similar to security measurements (version status and malware
scanning) on suspend virtual machines or their snapshots. I think a
considerable amount of cycles has been spent on trying to address it
there. The libvirt folks might already have something.
--
Florian Weimer / Red Hat Product Security Team
More information about the security
mailing list