On Wed, Mar 29, 2017 at 10:46 PM, Duncan <1i5t5.dun...@cox.net> wrote:
> Tim Cuthbertson posted on Wed, 29 Mar 2017 18:20:52 -0500 as excerpted:
>
>> So, another question...
>>
>> Do I then leave the top level mounted all the time for snapshots, or
>> should I create them, send them to external storage, and umount until
>> next time?
>
> Keep in mind that because snapshots contain older versions of whatever
> they're snapshotting, they're a potential security issue, at least if
> some of those older versions are libs or binaries. Consider the fact
> that you may have had security-updates since the snapshot, thus leaving
> your working copies unaffected by whatever security vulns the updates
> fixed. If the old versions remain around where normal users have access
> to them, particularly if they're setuid or similar, they have access to
> those old and now known vulns in setuid executables! (Of course users
> can grab vulnerable versions elsewhere or build them themselves, but they
> can't set them setuid root unless they /are/ root, so finding an existing
> setuid-root executable with known vulns is finding the keys to the
> kingdom.)
>
> So keeping snapshots unmounted and out of the normally accessible
> filesystem tree by default is recommended, at least if you're at all
> concerned about someone untrusted getting access to a normal user account
> and being able to use snapshots with known vulns of setuid executables as
> root-escalation methods.
>
> Another possibility is setting the snapshot subdir 700 perms, so
> non-super-users can't normally access anything in it anyway. Of course
> that's a problem if you want them to have access to snapshots of their
> own stuff for recovery purposes, but it's useful if you can do it.
>
> Good admins will do both of these at once if possible as they know and
> observe the defense-in-depth mantra, knowing all too well how easy a
> single layer of defense yields to fat-fingering or previously unknown
> vulns.
>
> --
> Duncan - List replies preferred. No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master." Richard Stallman
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Thank you, Duncan. I will try to take all that into consideration. These are really just fairly simple personal home systems, but security is still important.

Tim Cuthbertson
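The two measures Duncan describes (a mode-700 snapshot directory, and mounting the top-level subvolume only for the snapshot/send cycle) together with a check for the setuid binaries that make old snapshots dangerous, as an added shell example. This is not code from the thread or from the btrfs project; the device name, mountpoint, subvolume name and backup path are assumptions, and the audit functions run on any directory tree so they can be exercised without a btrfs filesystem.

```shell
#!/bin/sh
# Added example, not code from the linux-btrfs thread. Snapshots live under
# a mode-700 directory, and the top-level subvolume is mounted only for the
# snapshot/send cycle and then unmounted again. Device, mountpoint and
# subvolume names are assumptions; adjust them to your own layout.

# Create (if needed) a directory only its owner can enter. With the snapshot
# directory at 700, an unprivileged user cannot reach old setuid binaries
# inside the snapshots even while the top level happens to be mounted.
harden_snapshot_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# Exit status 0 when the directory is exactly mode 700, 1 otherwise.
is_private_dir() {
    [ -n "$(find "$1" -prune -perm 700 -print 2>/dev/null)" ]
}

# Print every regular file under a snapshot that carries the setuid or setgid
# bit: these are the "old and now known vulns in setuid executables" that
# matter if the snapshot is reachable by normal users.
list_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print each immediate subdirectory of a snapshot root that group or others
# can traverse (x bit set), i.e. snapshots a non-superuser could walk into.
exposed_snapshots() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        find "$d" -prune \( -perm -010 -o -perm -001 \) -print
    done
}

# The mount/snapshot/send/umount cycle Tim asked about. Run as root:
#   snapshot_send_umount /dev/sdX1 @home /mnt/btrfs-top /backup/snapshots
# Assumptions: $1 is the btrfs device, $2 a subvolume directly under the top
# level (subvolid=5), $3 the mountpoint for the top level, $4 a directory on
# the external target where "btrfs receive" creates the copy.
snapshot_send_umount() {
    dev=$1; subvol=$2; top=$3; dest=$4
    stamp=$(date +%Y%m%d-%H%M%S)
    snap="$top/snapshots/$subvol-$stamp"

    mkdir -p "$top"
    mount -o subvolid=5 "$dev" "$top" || return 1
    # Once mounted, the permissions that count are the ones stored in the
    # filesystem, so harden the snapshot directory on the mounted tree.
    harden_snapshot_dir "$top/snapshots"

    btrfs subvolume snapshot -r "$top/$subvol" "$snap" || { umount "$top"; return 1; }
    # Setuid bits travel with the send stream, so the backup copy needs the
    # same 700 protection as the local snapshot directory.
    harden_snapshot_dir "$dest"
    btrfs send "$snap" | btrfs receive "$dest" || { umount "$top"; return 1; }

    # Record what the snapshot retains and whether any snapshot is reachable
    # by non-superusers, so the admin sees the exposure before moving on.
    list_setuid "$snap"
    exposed_snapshots "$top/snapshots"

    # Take the old tree back out of the normal filesystem namespace.
    umount "$top"
}
```

The audit functions are deliberately separate from the btrfs cycle: `list_setuid` and `exposed_snapshots` can be run from cron against a mounted snapshot directory to confirm that the 700 permissions have not been fat-fingered back to something wider, which is the single-layer failure Duncan warns about.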