Date: Sat, 11 Nov 1995 02:38:36 +1100
From: Bruce Evans <bde@zeta.org.au>
To: fn@pain.csrv.uidaho.edu, hackers@FreeBSD.org
Subject: Re: vnconfig question.
Message-ID: <199511101538.CAA11179@godzilla.zeta.org.au>

>-rw-rw-r-- 1 root wheel 16777216 Nov 8 23:06 swapfile
>ie, read perms for everyone on the swapfile.
>this is (obviously) bad for security. i guess if i'd thought a
>does it make sense to change vnconfig to automatically adjust the
>permissions of a vnode file upon configuring, or to warn the user?
>if so, should it do that upon configuring for any file, or for just
>swapfiles (i'm guessing swapfiles only)?

The largest hole is for a user-writeable file system image that gets
mounted. There's nothing vnconfig can do about that except to refuse
to config it.

>i hacked together a patch which would change the permissions on the
>swapfile if vnconfig -e ... ... swap is used. it's a bad patch because
>(i think!) people can do
>	vnconfig -c /dev/vn0b /blah/swapfile
>	swapon /dev/vn0b
>and it does nothing to the swapfile in that case.

Perhaps the file permissions should be at least as restrictive as the
most restrictive vn device permission.

Bruce