Christoph Anton Mitterer posted on Tue, 24 Nov 2015 22:25:50 +0100 as
excerpted:

>> Then there's the security angle to consider.  With the (basically,
>> possibly modified as I suggested) flat layout, mounting something
>> doesn't automatically give people in-tree access to nested subvolumes
>> (subject to normal file permissions, of course), like nested layout
>> does.  And with (possibly modified) flat layout, the whole subvolume
>> tree doesn't need to be mounted all the time either, only when you're
>> actually working with subvolumes.

> Uhm, I don't get the big security advantage here... whether nested or
> manually mounted to a subdir,... if the permissions are insecure I'll
> have a problem... if they're secure, then not.

Consider a setuid-root binary with a recently publicized but patched on 
your system vuln.  But if you have root snapshots from before the patch 
and those snapshots are nested below root, then they're always 
accessible.  If the path to the vulnerable setuid is as user accessible 
as it likely was in its original location, then anyone with login access 
to the system is likely to be able to run it from the snapshot... and 
will be able to get root due to the vuln.

On a flat layout, a snapshot with the vuln would have to be mounted 
before it could be accessed, as otherwise it'd be outside the mounted 
tree.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
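
An audit for the exposure described in the message above, as an added example that is not part of the original post: it lists setuid files under a directory of nested snapshots that other users can both reach and execute. The function names and the command-line usage are assumptions, and directories above the one passed in are assumed to be reachable.

```python
import os
import stat
import sys


def others_can_reach(path, root):
    """True if every directory from root down to path's parent grants o+x."""
    root = os.path.abspath(root)
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False  # a non-searchable directory blocks other users here
        if parent == root or parent == os.path.dirname(parent):
            return True
        parent = os.path.dirname(parent)


def exposed_setuid(snapshot_root, owner_uid=0):
    """List setuid files owned by owner_uid that other users can run."""
    hits = []
    # Nested subvolumes and snapshots show up as ordinary directories, so a
    # plain walk descends into them; symlinked directories are not followed.
    for dirpath, _dirs, files in os.walk(snapshot_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            if st.st_mode & stat.S_IXOTH and others_can_reach(path, snapshot_root):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Assumed usage: pass the directory under which the snapshots are visible.
    for hit in exposed_setuid(sys.argv[1]):
        print(hit)
```

Each path it prints is an old copy of a setuid binary that stays runnable for as long as the snapshot is visible in the mounted tree.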
