util-linux.vger.kernel.org archive mirror
From: Bernhard Voelker <mail@bernhard-voelker.de>
To: util-linux@vger.kernel.org, mp.lists@free.fr
Subject: Re: Accessibility of swap files
Date: Tue, 6 Nov 2012 17:25:02 +0100 (CET)
Message-ID: <535592290.498944.1352219102253.JavaMail.open-xchange@email.1und1.de>
In-Reply-To: <1352214367.5099275f85792@imp.free.fr>

On November 6, 2012 at 4:06 PM mp.lists@free.fr wrote:
> Hi *,
>
> I think, measures can|should be taken, which reduce the probability of having a
> swap file inadvertently run with too open permissions.
>
> As a first idea, it looks, as if such may be implemented, e.g. by
>      letting swapon [and fstab-based "mounting"] by default not enable a swap
>      file, if it has non-root access permissions

Did you know?
The swapon utility issues a warning diagnostic with --verbose:

  # ls -l /tmp/swapfile
  -rw-r--r-- 1 berny users 134217728 Nov  6 17:03 /tmp/swapfile

  # sbin/swapon -v  /tmp/swapfile
  swapon /tmp/swapfile
  swapon: /tmp/swapfile: insecure permissions 0644, 0600 suggested.
  swapon: /tmp/swapfile: insecure file owner 1000, 0 (root) suggested.
  swapon: /tmp/swapfile: found swap signature: version 1, page-size 4, same byte order
  swapon: /tmp/swapfile: pagesize=4096, swapsize=134217728, devsize=134217728

BTW: the check for the owner has been added in 2.19
(in commit v2.18-88-g306c1df).

I don't know if refusing to swapon insecure swap files is a good
idea (see below).

>   || letting mkswap by default ignore too open settings of umask and create
>      the swap file mod 0600 instead.

You don't need root privs to run mkswap. Furthermore, mkswap
doesn't create the swap file (in terms of calling creat()).
Instead, it just writes to it.
Nevertheless, I think a warning would be enough/nice at this stage.

> In both cases, an explicit switch|parameter could enable the present,
> non-restrictive behaviour.

Changing behavior is not always a good idea for compatibility reasons,
and therefore deserves *good* arguments.
Let Karel decide.

> PS: I'm speaking as of util-linux-ng version 2.17.2.

I'm speaking about the latest version in Git. ;-)

Have a nice day,
Berny
