File System Dedupe Security Implications

Much like the Feng Shui attacks on KSM memory dedupe, filesystem dedupe also introduces privacy problems that violate hypervisor data leaks boundaries. These may develop into advanced attacks on security in the future just like RAM based attacks did. ZFS and Btrfs have dedupe features but they are not enabled by default.

https://mjg59.dreamwidth.org/55638.html

@Patrick where do I document this? It is a general security tip that sysadmins should be aware of IMO.

1 Like

Done.

1 Like

Awesome!