From owner-freebsd-hackers  Fri Nov 10 02:22:42 1995
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id CAA15660
          for hackers-outgoing; Fri, 10 Nov 1995 02:22:42 -0800
Received: from pain.csrv.uidaho.edu (root@pain.csrv.uidaho.edu [129.101.114.109])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id CAA15655
          for <hackers@freebsd.org>; Fri, 10 Nov 1995 02:22:33 -0800
Received: from pain.csrv.uidaho.edu (fn@localhost [127.0.0.1]) by pain.csrv.uidaho.edu (8.6.12/8.6.9) with ESMTP id CAA10981 for <hackers@freebsd.org>; Fri, 10 Nov 1995 02:22:24 -0800
Message-Id: <199511101022.CAA10981@pain.csrv.uidaho.edu>
To: hackers@freebsd.org
Subject: vnconfig question.
X-Web: <"http://www.hungry.com:8000/">
X-OS: 4.4BSD derivatives.
X-Disclaimer: THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
X-AT&T: YOU WILL
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <10975.815998940.1@pain.csrv.uidaho.edu>
Date: Fri, 10 Nov 1995 02:22:21 -0800
From: Faried Nawaz <fn@pain.csrv.uidaho.edu>
Sender: owner-hackers@freebsd.org
Precedence: bulk

hi,

1)


yesterday, the news machine ran out of swap (80mb doesn't cut it...), and
i decided to create a swapfile.  i did (as root)

	dd if=/dev/zero of=/x/b/swapfile bs=1k count=16384
	vnconfig -v -e /dev/vn0c /x/b/swapfile swap


later, today, i was looking around on the box, and saw

-rw-rw-r--  1 root  wheel  16777216 Nov  8 23:06 swapfile


ie, read perms for everyone on the swapfile.

this is (obviously) bad for security.  i guess if i'd thought a
bit more about what i was doing, and had remembered to umask 077
or chmod og-r swapfile, this would not be a problem.  i'm not
sure everyone will always do that, though.

does it make sense to change vnconfig to automatically adjust the
permissions of a vnode file upon configuring, or to warn the user?
if so, should it do that upon configuring for any file, or for just
swapfiles (i'm guessing swapfiles only)?


i hacked together a patch which would change the permissions on the
swapfile if vnconfig -e ... ... swap is used.  it's a bad patch because
(i think!) people can do

	vnconfig -c /dev/vn0b /blah/swapfile
	swapon /dev/vn0b

and it does nothing to the swapfile in that case.

here's the patch (against -current):


*** vnconfig.c-ORIG	Thu Nov  9 22:27:45 1995
--- vnconfig.c	Fri Nov 10 02:01:22 1995
***************
*** 301,311 ****
  	 */
  	if (flags & VN_ENABLE) {
  		if (flags & VN_SWAP) {
! 			rv = swapon(dev);
  			if (rv)
! 				perror("swapon");
! 			else if (verbose)
! 				printf("%s: swapping enabled\n", dev);
  		}
  		if (flags & (VN_MOUNTRO|VN_MOUNTRW)) {
  			struct ufs_args args;
--- 301,326 ----
  	 */
  	if (flags & VN_ENABLE) {
  		if (flags & VN_SWAP) {
! 			struct stat st;
! 
! 			rv = stat(file, &st);
  			if (rv)
! 				perror("stat");
! 			else {
! 				if (st.st_mode & S_IRGRP ||
! 					st.st_mode & S_IROTH) {
! 					rv = chmod(vndisks[0].file, S_IRUSR);
! 					if (rv)
! 						perror("chmod");
! 					else {
! 						rv = swapon(dev);
! 						if (rv)
! 							perror("swapon");
! 						else if (verbose)
! 							printf("%s: swapping enabled\n", dev);
! 					}
! 				}
! 			}
  		}
  		if (flags & (VN_MOUNTRO|VN_MOUNTRW)) {
  			struct ufs_args args;



faried.