On Thu, Oct 19, 2006 at 12:33:28PM -0700, Douglas Phillipson wrote: > Can a non-root or even a root owned process access the swap space. non-root: no. (unless the user is a member of group 'disk' -- which by default, no user should be) root: yes, but at that point, you've lost anyway, and there are far more fun things to do than scribble on swap space. I'm not 100% certain, but SELinux may also add an additional restriction to who can touch raw disks. You may need policy adjustments if you're running in enforcing mode. It's certainly doable, I'm just not sure if our current policy enforces this. > file on Windows which probably makes it easier than Linux. Swap on > Linux typically is a unformatted file system, but can be a file in the > file system if desired. That file won't be writable by anyone other than root. The key phrase in that pdf is this.. "Vista allows usermode app to get raw access to disk" G A M E O V E R . This is pretty damned amazing that they haven't considered this a fundamental security problem, as it bypasses any form of access controls that are placed on files, allowing for all sorts of fun even without owning the box as described in this paper. > As I understand the exploit, Microsoft has > implemented a policy with Vista that only drivers "Signed" by Microsoft > can be installed on Vista. This "Paging" exploit completely bypasses > this requirement, easily. The whole notion of pagable device drivers is utter lunacy to begin with. Combined with the above brain damage, it's trivially exploitable, and unless they fix this before GA, I wouldn't be surprised if a whole slew of malware starts abusing this. Dave -- http://www.codemonkey.org.uk -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list