Your message dated Sat, 14 Dec 2013 23:53:39 -0500
with message-id <[email protected]>
and subject line mount: warns about *default* swapfile permissions
has caused the Debian Bug report #196857,
regarding mount: warns about *default* swapfile permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
196857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196857
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mount
Version: 2.11z-4
Severity: wishlist
Hi,
I created a swapfile with -rw-r--r-- permissions and swapon happily
accepts to swap on this file. This is a potential security hole
because the swapfile can contain memory areas from processes owned by
other users. These memory areas could contain sensitive information
such as passwords, etc.
This problem is most likely to happen since when one reads the mkswap
manpage there is no warning that a swapfile should have 600
permissions.
So here is my wishlist item: swapon should refuse to swap on a
swapfile with insecure permissions. It should at least give a strong
warning to the admin.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux irancy 2.4.20-3-k7 #1 Sun May 18 23:46:45 EST 2003 i686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro
Versions of packages mount depends on:
ii libc6 2.3.1-17 GNU C Library: Shared libraries an
-- no debconf information
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Version: 2.19.1-5
The fix was to hide the message when not using verbose mode. If you
use verbose mode, you get what you asked for. As for why the
permissions are wrong in wheezy I'm not sure. The udev rules that set
the permissions appear to be correct, and the permissions are correct
in jessie.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJSrTXPAAoJEI5FoCIzSKrwjZIH/1USO0xh6s6BLdgSiEyxYyGT
Ee4F/rxbfNwCLyARUywib1Swkmp3HEKD41sn1omfve2PTCgWjPLrRoOyBsQb6epX
COYuj1DPvctQi2K1TYfCN/SpYVbqnJybpx82zT93EoIkOPD8muPRyqEMNtIMyWoE
/4OahFzIYXvEn0ZvLxjQIXSHCl5Z9ilTe95BKYPemUnSc7OXQtrYO7vUNxBE6fQ7
tezq2kh4XSAq1NbC2W4aizeAWXWfJKqwA6WLAcJKW35R/OCJgr+yDR/iuokAtBUm
7HDOZXywV3Is4ilsGIfrf2qFUufG/JM/lIdk6UrrIf70ExQ/oWo9SlArBKVMoec=
=xGbD
-----END PGP SIGNATURE-----
--- End Message ---
