From: Sarah Newman <srn@prgmr.com>
To: Karel Zak <kzak@redhat.com>
Cc: kerolasa@gmail.com, Tilman Schmidt <tilman@imap.cc>,
"Wayne R. Roth" <wayneroth42@gmail.com>,
util-linux <util-linux@vger.kernel.org>
Subject: Re: [PATCH] mkswap: Add warnings for insecure device permissions/owners
Date: Tue, 26 Jan 2016 08:28:35 -0800 [thread overview]
Message-ID: <56A79EB3.8040002@prgmr.com> (raw)
In-Reply-To: <20160126104204.sls4bbcxocoscbcc@ws.net.home>
On 01/26/2016 02:42 AM, Karel Zak wrote:
> On Sun, Jan 24, 2016 at 11:09:47AM +0000, Sami Kerola wrote:
>> On 23 January 2016 at 16:22, Karel Zak <kzak@redhat.com> wrote:
>>> On Fri, Jan 22, 2016 at 10:03:47PM +0000, Sami Kerola wrote:
>>>> Alternatively one could make swapon to get rid of all permission bits
>>>> and set ownership to UID 0 by default when ever it activates a
>>>> swapfile. How about that.
>>>
>>> Not sure if want to change any permissions on the fly, it would be
>>> better to reject files (by swapon) with insecure permissions and
>>> require something like --force for crazy users who wants to ignore
>>> this problem.
>>
>> Why not completely optional?
>>
>> $ swapon --path-permissions [ignore|complain|stop|fix]
>
> I don't think we want to merge another functionality to swapon. The
> warnings are enough. For the rest we have ch{own,mod}.
>
> Let's Keep It Simple and Stupid. We all love kisses, right? :-)
Hi Karel,
Your original suggestion for swapon to require '--force' for insecure permissions seems like the most sane thing to do - it protects the user without
adding a lot of knobs. Presumably there would need to a "force" option for fstab too.
But implementing that without advance notice could lead to broken systems. Maybe it would make sense to add the --force option now and change the
warning to indicate that in future versions of swapon, insecure permissions used without --force will be rejected. Then in a couple of years actually
implement that change.
If you agree this is sane behavior appropriate for upstream, I'll get you a patch for swapon.
--Sarah
next prev parent reply other threads:[~2016-01-26 16:28 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-19 18:37 [PATCH] mkswap: Add warnings for insecure device permissions/owners Wayne R. Roth
2016-01-19 19:44 ` Mike Frysinger
2016-01-20 4:17 ` [PATCH] mkswap: Add warnings for insecure device permissions/owners Logic modified from sys-utils/swapon.c Wayne R. Roth
2016-01-20 4:58 ` Mike Frysinger
2016-01-20 6:09 ` [PATCH] mkswap: add " Wayne R. Roth
2016-01-26 10:35 ` Karel Zak
2016-01-20 9:39 ` [PATCH] mkswap: Add warnings for insecure device permissions/owners Sami Kerola
2016-01-20 10:30 ` Karel Zak
2016-01-21 22:19 ` Sarah Newman
2016-01-22 16:01 ` Tilman Schmidt
2016-01-22 19:14 ` Sarah Newman
2016-01-22 22:03 ` Sami Kerola
2016-01-23 16:22 ` Karel Zak
2016-01-24 11:09 ` Sami Kerola
2016-01-25 19:55 ` Sami Kerola
2016-01-26 10:42 ` Karel Zak
2016-01-26 16:28 ` Sarah Newman [this message]
2016-01-25 21:39 ` Sarah Newman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56A79EB3.8040002@prgmr.com \
--to=srn@prgmr.com \
--cc=kerolasa@gmail.com \
--cc=kzak@redhat.com \
--cc=tilman@imap.cc \
--cc=util-linux@vger.kernel.org \
--cc=wayneroth42@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox