Bug#196857: marked as done (mount: warns about *default* swapfile permissions)

Thu, 31 Oct 2013 06:42:23 -0700 

Your message dated Thu, 31 Oct 2013 09:29:49 -0400
with message-id <[email protected]>
and subject line mount: warns about *default* swapfile permissions
has caused the Debian Bug report #196857,
regarding mount: warns about *default* swapfile permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
196857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196857
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: mount
Version: 2.11z-4
Severity: wishlist


Hi,

I created a swapfile with -rw-r--r-- permissions and swapon happily
accepts to swap on this file.  This is a potential security hole
because the swapfile can contain memory areas from processes owned by
other users.  These memory areas could contain sensitive information
such as passwords, etc.

This problem is most likely to happen since when one reads the mkswap
manpage there is no warning that a swapfile should have 600
permissions.

So here is my wishlist item: swapon should refuse to swap on a
swapfile with insecure permissions.  It should at least give a strong
warning to the admin.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux irancy 2.4.20-3-k7 #1 Sun May 18 23:46:45 EST 2003 i686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro

Versions of packages mount depends on:
ii  libc6                         2.3.1-17   GNU C Library: Shared libraries an

-- no debconf information

--- End Message ---
--- Begin Message --- 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version: 2.19.1-5

It seems this was fixed some time ago.  As for complaining about the
sticky bit, it should not be set on dev nodes.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJScltNAAoJEJrBOlT6nu75ym0IALEdVk94U12rkWkkVxFMYDm5
za2Fz25+nrLVmA9IqelwDnpMMecHi//HpGdvQz/VJIttuwfTmgVtl+yiJ6iitb2n
092ekqFRYDbeMVcCxDtygc5B9xkxn7Qwn9sobxkTNPopcqP8gFZ6e/Msq/7iGpgh
8Jn4LfiCBK2p47PkEKN/8li8cUS7XxT6x17GgS+YmXWcJ29l0FQ81SjCcpMNL5DX
K8gEPeWD8YFQIvRRyJx8zWgzc6IMBy4TVL/Th7h4j71tr3qQIsDK1X3VvZW2b/wy
Cgmow9q3cK5RdxrFBeOfn5s/ok8y8b48jVTFzNC6j6RXwQfDCKYk//U0fL/TCGc=
=MeO5
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to