Re: [PATCH] mkswap: Add warnings for insecure device permissions/owners

On 01/22/2016 08:01 AM, Tilman Schmidt wrote:
> On 21.01.2016 at 23:19, Sarah Newman wrote:
>> This patch does not break any existing behavior. The worst case possibility from accepting this patch is it will annoy some people, and best case it
>> will save millions of devices from being shipped with insecure permissions.
> 
> The worst case is it will train millions of administrators to ignore
> warning messages.
> 

If the warnings in swapon are legitimate, they are just as legitimate in mkswap if the file owner check is only done when mkswap is run as root.

Regarding the legitimacy of the swapon warnings: do you honestly believe most of the people who will get these warnings will have intended to have
world readable swap or swap owned as a non-root owner?

When I search for "linux swap file" on Google, this is the second hit for me, the first being an Arch Linux wiki page:
https://www.linux.com/news/software/applications/8208-all-about-linux-swap-space

"centos swap file" top two hits:
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-swap-creating-file.html
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-swap-adding.html

I followed the instructions for CentOS on a CentOS 5 machine and it resulted in world readable swap. Those instructions came from Red Hat. If
documentation from Red Hat gets it wrong, it's presumably a very common error. I made this mistake myself and I knew better.

--Sarah
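
An audit of the two conditions debated in this thread (swap readable by non-owners, swap file not owned by root), as an added example that is not part of the original message or of the patch under discussion. The function names, the 0077 mask, the warning wording and the use of GNU `stat -c` are assumptions of this example; the owner check runs only as root, as the message above suggests.

```shell
#!/bin/sh
# Added example, not util-linux code. Assumes GNU coreutils stat (-c).
# Function names and warning wording are hypothetical.

# check_swap_perms FILE
# Returns 0 if FILE grants nothing to group/other and, when run as root,
# is owned by uid 0. Returns 1 with a warning otherwise, 2 if stat fails.
check_swap_perms() {
    file=$1
    rc=0
    mode=$(stat -c '%a' -- "$file") || return 2
    owner=$(stat -c '%u' -- "$file") || return 2

    # Any bit under mask 0077 lets a non-owner read or write swapped-out memory.
    # The leading 0 makes the shell parse the mode string as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: insecure permissions 0$mode, 0600 suggested" >&2
        rc=1
    fi

    # Owner check only when running as root; an unprivileged caller
    # legitimately owns the files it creates.
    if [ "$(id -u)" -eq 0 ] && [ "$owner" -ne 0 ]; then
        echo "$file: insecure file owner $owner, 0 (root) suggested" >&2
        rc=1
    fi
    return $rc
}

# audit_active_swap [TABLE]
# Checks every file-backed entry in a /proc/swaps-style table (default:
# /proc/swaps). Returns 1 if any swap file fails check_swap_perms.
audit_active_swap() {
    table=${1:-/proc/swaps}
    bad=0
    while read -r path type _; do
        # Column 2 is "file" for swap files; this skips the header line
        # and partition-backed swap.
        [ "$type" = "file" ] || continue
        check_swap_perms "$path" || bad=1
    done < "$table"
    return $bad
}
```

Source the file and run `audit_active_swap` as root to check the swap files currently in use; `chmod 600` and `chown root` are the fixes for the two warnings.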
