----- Original Message -----
From: "Chris Murphy" <lists(a)colorremedies.com>
To: security(a)lists.fedoraproject.org
Sent: Thursday, 13 February, 2014 3:16:34 AM
Subject: btrfs snapshots, rollbacks
Shortish version:
On Fedora devel@, a concern has been raised regarding binaries with
vulnerabilities being persistently available via Btrfs snapshots in the
normal file system hierarchy. This is a request for assessing the
significance of this concern, and how to mitigate it. Therefore the context
is rootfs on Btrfs.
The first email bringing up the concern is here:
https://lists.fedoraproject.org/pipermail/devel/2014-January/194558.html
And a possible workaround proposed here:
https://lists.fedoraproject.org/pipermail/devel/2014-January/194620.html
How significant is the risk of stale binaries being persistently available in
the normal file system hierarchy? Should something be done to either make
sure they aren't persistently available (make sure they aren't available in
the mounted file system hierarchy), and if they're mounted should noexec or
nosuid be used?
As long as the old /bin and /usr/bin are not part of PATH, I'd say we've
done our job. We can't protect the user from shooting himself in the foot
in all cases.
The logs are a different matter, we should aim to preserve them. Dunno where
journald is in this picture (binary log forward and backward compatibility).
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
http://wiki.brq.redhat.com/hkario
Email: hkario(a)redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
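An added audit helper, not code from this thread or from Fedora, that checks the two mitigations discussed above: snapshot mounts that lack noexec/nosuid, and PATH entries that point back into a snapshot's old /bin or /usr/bin. It assumes snapshots are mounted below SNAP_ROOT (default /.snapshots) and reads a /proc/mounts-style table; the sample table embedded in it is constructed.

```shell
#!/bin/sh
# Added audit helper, not code from the thread. Assumptions: snapshots are
# mounted below SNAP_ROOT (default /.snapshots) and the mount table is in
# /proc/mounts format. The sample table below is constructed.
SNAP_ROOT="${SNAP_ROOT:-/.snapshots}"

# Write a constructed /proc/mounts-style table and print its path.
sample_mounts_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
/dev/sda2 / btrfs rw,relatime,subvol=/root 0 0
/dev/sda2 /.snapshots/1 btrfs ro,relatime,subvol=/snapshots/1 0 0
/dev/sda2 /.snapshots/2 btrfs ro,relatime,nosuid,noexec,subvol=/snapshots/2 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
EOF
    echo "$f"
}

# audit_snapshot_mounts MOUNTS_FILE PATH_VALUE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_snapshot_mounts() {
    mounts_file=$1; path_value=$2; found=0
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = btrfs ] || continue
        case "$mnt" in "$SNAP_ROOT"|"$SNAP_ROOT"/*) ;; *) continue ;; esac
        # Stale binaries in a snapshot should be neither executable nor setuid.
        for want in noexec nosuid; do
            case ",$opts," in *",$want,"*) ;;
                *) echo "MISSING $want: $mnt ($opts)"; found=1 ;;
            esac
        done
        # A PATH entry inside a snapshot puts the old /bin or /usr/bin back in use.
        old_ifs=$IFS; IFS=:
        for p in $path_value; do
            case "$p" in "$mnt"|"$mnt"/*) echo "PATH contains snapshot dir: $p"; found=1 ;; esac
        done
        IFS=$old_ifs
    done < "$mounts_file"
    return $found
}

# Stand-alone run against the constructed table and a deliberately bad PATH.
audit_snapshot_mounts "$(sample_mounts_file)" "/usr/local/bin:/usr/bin:/.snapshots/1/usr/bin" || echo "findings present (exit $?)"
```

Run it against the real table with `audit_snapshot_mounts /proc/mounts "$PATH"` to check a live system.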