From owner-freebsd-security@FreeBSD.ORG Wed Nov 7 13:14:43 2012
Date: Wed, 7 Nov 2012 14:14:36 +0100
From: Paul Schenkeveld
To: freebsd-security@freebsd.org
Subject: Re: md(4) (swap-base) disks not cleaned on creation
Message-ID: <20121107131436.GA9838@psconsult.nl>
References: <20121106184658.GA24262@psconsult.nl> <20121106192704.GM73505@kib.kiev.ua> <20121106195936.GA54581@psconsult.nl> <78F4278EFF694CCE85CA45D844D4A7BB@black>
In-Reply-To: <78F4278EFF694CCE85CA45D844D4A7BB@black>
User-Agent: Mutt/1.5.21 (2010-09-15)
List-Id: "Security issues [members-only posting]"

On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> An excellent example of where swap shouldn't be used. It isn't the use
> of the swap file that is the issue, it is how the output of using swap
> is used. PHK was right in his advice to not use swap.
>
> Good catch, nanobsd.sh should be changed.

I tend to disagree. Nanobsd.sh is just an example, but there may be more
uses of swap-based md(4) devices where ultimately swap contents are leaked
to unprivileged users or processes. Des@ mentioned md(4) devices made
available to jails, where the root inside the jail is definitely not the
same as the root outside the jail.

All of us (I hope) have been educated with the wisdom that memory returned
by malloc() and friends is safe to use, which may raise the expectation
(at least it did for me) that mdconfig'd memory follows the same principles
of security.

-- 
Paul Schenkeveld
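The leak described in the thread (a swap-backed md(4) device handing back whatever was previously in the swap pages it gets) can be checked for, and closed, from a shell before the device is handed to a jail or an unprivileged user. The script below is an added example for this page, not code from the thread or from nanobsd.sh; it assumes FreeBSD, root, and the documented behaviour of mdconfig(8), dd(1) and tr(1). The names has_nonzero_data, wipe_device and check_swap_md are the example's own.

```sh
#!/bin/sh
# Added example (not from the original thread): detect stale data on a freshly
# created swap-backed md(4) device and zero it before exposing it.
# Assumes FreeBSD and root for the md(4) part; the byte check itself is portable.

# has_nonzero_data FILE [BYTES]
# Return 0 (true) if any non-zero byte is found in the first BYTES of FILE
# (default 1 MiB), 1 (false) if that region reads back as all zeros.
# A fresh device that should be empty must read back as zeros; anything else
# is content left behind by an earlier user of those swap pages.
has_nonzero_data() {
    file=$1
    bytes=${2:-1048576}
    # Delete every NUL byte from the region; whatever survives is leaked data.
    n=$(( $(dd if="$file" bs=1024 count=$((bytes / 1024)) 2>/dev/null \
            | tr -d '\000' | wc -c) ))
    [ "$n" -gt 0 ]
}

# wipe_device DEV: overwrite the whole device with zeros.  This is the
# mitigation: do it before a newfs/mount that is visible inside a jail.
wipe_device() {
    dd if=/dev/zero of="/dev/$1" bs=65536 2>/dev/null || true
}

# check_swap_md SIZE: create a swap-backed md(4) device of SIZE (mdconfig
# syntax, e.g. 64m), report whether its initial contents are non-zero,
# wipe it, and detach it.  Returns 0 when stale data was found, 1 when the
# sampled region was clean, 2 when the device could not be created.
check_swap_md() {
    size=${1:-64m}
    dev=$(mdconfig -a -t swap -s "$size") || return 2
    if has_nonzero_data "/dev/$dev"; then
        echo "$dev: stale data readable on freshly created swap-backed md"
        rc=0
    else
        echo "$dev: first 1 MiB reads back as zeros"
        rc=1
    fi
    wipe_device "$dev"
    mdconfig -d -u "$dev"
    return $rc
}

# Only touch md(4) when invoked explicitly as root on FreeBSD:
#   sh check_md.sh --run 64m
if [ "$1" = "--run" ] && [ "$(uname -s)" = "FreeBSD" ] && [ "$(id -u)" = 0 ]; then
    check_swap_md "${2:-64m}"
fi
```

The check samples only the first megabyte, so a clean result does not prove the rest of the device is clean, and on a system whose swap has never held anything sensitive it will read zeros even if the kernel is not zeroing the pages. The wipe is the part that matters: zero the whole device yourself before anything with a different notion of root can read it, rather than relying on what the backing store happens to contain.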