Date: Wed, 7 Nov 2012 15:44:47 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: Paul Schenkeveld <freebsd@psconsult.nl> Cc: freebsd-security@freebsd.org Subject: Re: md(4) (swap-base) disks not cleaned on creation Message-ID: <20121107134447.GO73505@kib.kiev.ua> In-Reply-To: <20121107131436.GA9838@psconsult.nl> References: <20121106184658.GA24262@psconsult.nl> <20121106192704.GM73505@kib.kiev.ua> <20121106195936.GA54581@psconsult.nl> <78F4278EFF694CCE85CA45D844D4A7BB@black> <20121107131436.GA9838@psconsult.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZjlDoLon7m/fln42 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 07, 2012 at 02:14:36PM +0100, Paul Schenkeveld wrote: > On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote: > > An excellent example of where swap shouldn't be used. It isn't the use= of the swap file that is the issue, it is how the output of > > using swap is used. PHK was right in his advice to not use swap. > >=20 > > Good catch, nanobsd.sh should be changed. >=20 > I tend to disagree. Nanobsd.sh is just an example but there may be more > uses of swap-based md(4) devices where ultimately swap contents are > leaked to unprivileged users or processes. Des@ mentioned md(4) devices > made available to jails where the root inside the jail is definately not > the same as the root outside the jail. >=20 > All of us (I hope) have been educated with the wisdom that memory > returned by malloc() and friends is safe to use which may raise the > expectation (at least it did to me) that mdconfig'd memory follows the > same principles of security. It is reverse, malloc-ed memory is not guaranteed to have any predefined content. But is content does not cross security boundaries. --ZjlDoLon7m/fln42 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlCaZc8ACgkQC3+MBN1Mb4iuUwCfRMHpeqVcwmRoX3rCGgR0XJHK MpkAoMd+C6Jd3gIjWxVFMwfu68MoiTPI =fF/Q -----END PGP SIGNATURE----- --ZjlDoLon7m/fln42--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121107134447.GO73505>