Date: Fri, 10 Nov 1995 02:22:21 -0800 From: Faried Nawaz <fn@pain.csrv.uidaho.edu> To: hackers@freebsd.org Subject: vnconfig question. Message-ID: <199511101022.CAA10981@pain.csrv.uidaho.edu>
next in thread | raw e-mail | index | archive | help
hi, 1) yesterday, the news machine ran out of swap (80mb doesn't cut it...), and i decided to create a swapfile. i did (as root) dd if=/dev/zero of=/x/b/swapfile bs=1k count=16384 vnconfig -v -e /dev/vn0c /x/b/swapfile swap later, today, i was looking around on the box, and saw -rw-rw-r-- 1 root wheel 16777216 Nov 8 23:06 swapfile ie, read perms for everyone on the swapfile. this is (obviously) bad for security. i guess if i'd thought a bit more about what i was doing, and had remembered to umask 077 or chmod og-r swapfile, this would not be a problem. i'm not sure everyone will always do that, though. does it make sense to change vnconfig to automatically adjust the permissions of a vnode file upon configuring, or to warn the user? if so, should it do that upon configuring for any file, or for just swapfiles (i'm guessing swapfiles only)? i hacked together a patch which would change the permissions on the swapfile if vnconfig -e ... ... swap is used. it's a bad patch because (i think!) people can do vnconfig -c /dev/vn0b /blah/swapfile swapon /dev/vn0b and it does nothing to the swapfile in that case. here's the patch (against -current): *** vnconfig.c-ORIG Thu Nov 9 22:27:45 1995 --- vnconfig.c Fri Nov 10 02:01:22 1995 *************** *** 301,311 **** */ if (flags & VN_ENABLE) { if (flags & VN_SWAP) { ! rv = swapon(dev); if (rv) ! perror("swapon"); ! else if (verbose) ! printf("%s: swapping enabled\n", dev); } if (flags & (VN_MOUNTRO|VN_MOUNTRW)) { struct ufs_args args; --- 301,326 ---- */ if (flags & VN_ENABLE) { if (flags & VN_SWAP) { ! struct stat st; ! ! rv = stat(file, &st); if (rv) ! perror("stat"); ! else { ! if (st.st_mode & S_IRGRP || ! st.st_mode & S_IROTH) { ! rv = chmod(vndisks[0].file, S_IRUSR); ! if (rv) ! perror("chmod"); ! else { ! rv = swapon(dev); ! if (rv) ! perror("swapon"); ! else if (verbose) ! printf("%s: swapping enabled\n", dev); ! } ! } ! } } if (flags & (VN_MOUNTRO|VN_MOUNTRW)) { struct ufs_args args; faried.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511101022.CAA10981>