Snapshots can expose sensitive data


#1

Hi, when using the command “snap save” data will be copied from the home directory (~/snap/) to the var directory (/var/lib/snapd/snapshots/).

In case the home directory is encrypted, that means data will be copied from an encrypted to an unencrypted location, which can be a big security issue.

Example:

On my laptop the home directory is encrypted. If the laptop gets lost/stolen, my data are not accessible. However, if I did “snap save firefox” before, all Firefox data (logins, passwords, bookmarks, history) are unencrypted under /var and exposed to anyone who has access to the laptop.


#2

Yes, in the scenario you described, they can.

First of all, please note that having your home encrypted and only decrypted on login is liable to fall foul of the limitations of snapd. If you need to have your home encrypted, I recommend you opt for full-disk encryption instead.

Second, from 2.39 note snap remove will run an automatic snap save. To address your concerns, disable this with snap set system snapshots.automatic.retention=no.

Third, and again to address your concerns, don’t run snap save.


#3

Thanks for your answer.

I was not aware that snaps are not supported with encrypted home directories. That's quite a tough one, as snaps aim to be a format that “work across Linux on any distribution or version”.

Tbh it's fine for me, as I will just not use the save command and will disable auto-snapshots on all systems I manage.

But I still think it is a huge security issue, as many users will not know about this and think they are protected with an encrypted home.
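
An audit for the exposure discussed in this thread, as an added example that is not part of any post and not snapd's own code: it reports which snaps already have snapshot archives under /var/lib/snapd/snapshots/ and whether automatic snapshots on remove are still active. The function names, the `--run` switch and the archive naming pattern `<set-id>_<snap>_<version>_<revision>.zip` are assumptions of this example.

```shell
#!/bin/sh
# Audit a host for snap snapshot data stored outside an encrypted home.
# Run with enough privilege to read the snapshot directory.
SNAPSHOT_DIR="${SNAPSHOT_DIR:-/var/lib/snapd/snapshots}"

# list_snapshot_snaps DIR: print the unique snap names that have archives in DIR.
# Assumption: archives are named <set-id>_<snap>_<version>_<revision>.zip.
list_snapshot_snaps() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.zip; do
        [ -e "$f" ] || continue          # glob matched nothing
        base=${f##*/}                    # strip the directory
        rest=${base#*_}                  # strip the set id
        printf '%s\n' "${rest%%_*}"      # keep the snap name
    done | sort -u
}

# retention_state VALUE: classify the snapshots.automatic.retention setting.
retention_state() {
    case "$1" in
        no) echo disabled ;;
        '') echo default ;;              # unset: snapd's built-in default applies
        *)  echo enabled ;;
    esac
}

# audit DIR RETENTION: print findings; return 1 if anything needs attention.
audit() {
    rc=0
    snaps=$(list_snapshot_snaps "$1")
    if [ -n "$snaps" ]; then
        echo "snapshot archives present in $1 for: $(echo $snaps)"
        rc=1
    fi
    state=$(retention_state "$2")
    if [ "$state" != disabled ]; then
        echo "automatic snapshot on remove: $state (snapshots.automatic.retention=no turns it off)"
        rc=1
    fi
    return $rc
}

# Only touch the real system when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ] && command -v snap >/dev/null 2>&1; then
    audit "$SNAPSHOT_DIR" "$(snap get system snapshots.automatic.retention 2>/dev/null)"
fi
```

Snapshot sets that the audit finds can be listed with `snap saved` and deleted with `snap forget <id>`.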