From: Karel Zak <kzak@redhat.com>
To: Bernhard Voelker <mail@bernhard-voelker.de>
Cc: util-linux@vger.kernel.org, mp.lists@free.fr
Subject: Re: Accessibility of swap files
Date: Wed, 21 Nov 2012 11:08:52 +0100 [thread overview]
Message-ID: <20121121100852.GC2006@x2.net.home> (raw)
In-Reply-To: <535592290.498944.1352219102253.JavaMail.open-xchange@email.1und1.de>
On Tue, Nov 06, 2012 at 05:25:02PM +0100, Bernhard Voelker wrote:
> On November 6, 2012 at 4:06 PM mp.lists@free.fr wrote:
> > Hi *,
> >
> > I think, measures can|should be taken, which reduce the probability of having
> > a
> > swap file inadvertently run with too open permissions.
well, you need root permissions to use swapon, the swap devices and
files are defined in /etc/fstan which is writable by root only.
I have doubts that we have to make the system so paranoid and
resistant to admin's bugs. And if you really need this level of
paranoia then use SELinux (or so) rather than expect hardcoded rules
in swapon(8).
> > As a first idea, it looks, as if such may be implemented, eg. by
> > letting swapon [and fstab-based "mounting"] by default not enable a swap
> > file, if it has non-root access permissions
>
> Did you know?
> The swapon utility issues a warning diagnostic with --verbose:
>
> # ls -l /tmp/swapfile
> -rw-r--r-- 1 berny users 134217728 Nov 6 17:03 /tmp/swapfile
>
> # sbin/swapon -v /tmp/swapfile
> swapon /tmp/swapfile
> swapon: /tmp/swapfile: insecure permissions 0644, 0600 suggested.
> swapon: /tmp/swapfile: insecure file owner 1000, 0 (root) suggested.
> swapon: /tmp/swapfile: found swap signature: version 1, page-size 4, same byte
> order
> swapon: /tmp/swapfile: pagesize=4096, swapsize=134217728, devsize=134217728
this waring is there since year 1999.. so it's really nothing new.
> BTW: the check for the owner has been added in 2.19
> (in commit v2.18-88-g306c1df).
>
> I don't know if refusing to swapon insecure swap files is a good
> idea (see below).
>
> > || letting mkswap by default ignore too open settings of umask and create
> > the
> > swap file mod 0600 instead.
sorry, this is nonsense
> You don't need root privs to run mkswap. Furthermore, mkswap
> doesn't create the swap file (in terms of calling creat()).
yep, you can use cp(1) or dd(1) to create the file as a copy...
> Instead, it just writes to it.
> Nevertheless, I think a warning would be enough/nice at this stage.
>
> > In both cases, an explicit switch|parameter could enable the present,
> > non-restrictive behaviour.
>
> Changing behavior is not always a good idea for compatibility reasons,
> and therefore deserves *good* arguments.
Yes, I don't see good arguments.
Karel
--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
next prev parent reply other threads:[~2012-11-21 10:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-06 15:06 Accessibility of swap files mp.lists
2012-11-06 16:25 ` Bernhard Voelker
2012-11-21 10:08 ` Karel Zak [this message]
2012-11-21 13:46 ` Sami Kerola
2012-11-21 15:00 ` Karel Zak
-- strict thread matches above, loose matches on Subject: below --
2012-12-07 19:14 mp.lists
2013-01-08 12:19 ` Karel Zak
2012-12-07 19:18 mp.lists
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121121100852.GC2006@x2.net.home \
--to=kzak@redhat.com \
--cc=mail@bernhard-voelker.de \
--cc=mp.lists@free.fr \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).