On November 6, 2012 at 4:06 PM mp.lists@xxxxxxx wrote: > Hi *, > > I think, measures can|should be taken, which reduce the probability of having > a > swap file inadvertently run with too open permissions. > > As a first idea, it looks, as if such may be implemented, eg. by > letting swapon [and fstab-based "mounting"] by default not enable a swap > file, if it has non-root access permissions Did you know? The swapon utility issues a warning diagnostic with --verbose: # ls -l /tmp/swapfile -rw-r--r-- 1 berny users 134217728 Nov 6 17:03 /tmp/swapfile # sbin/swapon -v /tmp/swapfile swapon /tmp/swapfile swapon: /tmp/swapfile: insecure permissions 0644, 0600 suggested. swapon: /tmp/swapfile: insecure file owner 1000, 0 (root) suggested. swapon: /tmp/swapfile: found swap signature: version 1, page-size 4, same byte order swapon: /tmp/swapfile: pagesize=4096, swapsize=134217728, devsize=134217728 BTW: the check for the owner has been added in 2.19 (in commit v2.18-88-g306c1df). I don't know if refusing to swapon insecure swap files is a good idea (see below). > || letting mkswap by default ignore too open settings of umask and create > the > swap file mod 0600 instead. You don't need root privs to run mkswap. Furthermore, mkswap doesn't create the swap file (in terms of calling creat()). Instead, it just writes to it. Nevertheless, I think a warning would be enough/nice at this stage. > In both cases, an explicit switch|parameter could enable the present, > non-restrictive behaviour. Changing behavior is not always a good idea for compatibility reasons, and therefore deserves *good* arguments. Let Karel decide. > PS: I'm speaking as of util-linux-ng version 2.17.2. I'm speaking about the latest version in Git. ;-) Have a nice day, Berny -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
