Date:      Wed, 7 Nov 2012 14:14:36 +0100
From:      Paul Schenkeveld <freebsd@psconsult.nl>
To:        freebsd-security@freebsd.org
Subject:   Re: md(4) (swap-base) disks not cleaned on creation
Message-ID:  <20121107131436.GA9838@psconsult.nl>
In-Reply-To: <78F4278EFF694CCE85CA45D844D4A7BB@black>
References:  <20121106184658.GA24262@psconsult.nl> <20121106192704.GM73505@kib.kiev.ua> <20121106195936.GA54581@psconsult.nl> <78F4278EFF694CCE85CA45D844D4A7BB@black>

On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> An excellent example of where swap shouldn't be used.  It isn't the use of the swap file that is the issue, it is how the output of
> using swap is used.  PHK was right in his advice to not use swap.
> 
> Good catch, nanobsd.sh should be changed.

I tend to disagree.  Nanobsd.sh is just an example but there may be more
uses of swap-based md(4) devices where ultimately swap contents are
leaked to unprivileged users or processes.  Des@ mentioned md(4) devices
made available to jails where the root inside the jail is definitely not
the same as the root outside the jail.

All of us (I hope) have been educated with the wisdom that memory
returned by malloc() and friends is safe to use, which may raise the
expectation (at least it did to me) that mdconfig'd memory follows the
same principles of security.

--
Paul Schenkeveld


