Re: swapfile security weakness

H. Peter Anvin (hpa@transmeta.com)
6 Nov 1998 05:53:32 GMT


Followup to: <Pine.LNX.3.96.981106004606.603H-100000@red.prv>
By author: "Mike A. Harris" <mharris@ican.net>
In newsgroup: linux.dev.kernel
>
> On Thu, 5 Nov 1998, Jakub Vlasek wrote:
>
> >Hi,
> >I've found that an active swapfile could be deleted, which is
> >IMHO very dangerous (set immutable flag on in sys_swapon call?). Also,
> >sys_swapon should check whether owner of swapfile is root and is readable
> >only to root (memory readable by anyone? hmm...)
> >
> >J.Vlasek
>
> KUDOS TO YOU!!!! I actually *DID* that about a year and a half
> ago. I had 2 swap files and didn't need them both. I swapoff'd
> one of them and deleted the wrong one. As a result I got major
> kernel panics until the system froze, then when I rebooted I had
> hard disk corruption on partitions that weren't even mounted in
> Linux. I lost my D: drive in MSDOS which took 8 hours of
> fiddling and reconstructing in Norton Diskedit to recover some
> files.
>
> So, I agree, something should really be done to fix that, even if
> only in userland.
>

swapon should keep a handle on the inode, which means the file won't
be removed from the physical media even if it is unlinked (just like
open files aren't.)

-hpa

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
        I am Bahá'í -- ask me about it or see http://www.bahai.org/
   "To love another person is to see the face of God." -- Les Misérables

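The open-file behaviour the reply compares swapon to, shown from userspace: a name is unlinked while a descriptor still holds the inode, and the data stays readable and writable until the last reference is closed. This is an added example, not code from the thread or from the kernel; `unlink_while_open`, `struct unlink_result` and the `/tmp` path are hypothetical names, and the payload is constructed sample data.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct unlink_result {
    int  name_gone;      /* 1 if stat(path) reports ENOENT after unlink() */
    long nlink;          /* link count seen through the still-open descriptor */
    int  data_intact;    /* 1 if bytes written before unlink() read back unchanged */
    int  still_writable; /* 1 if a write after unlink() succeeds */
};

/* Hypothetical helper: create path (mode 0600), unlink it while open, inspect via the fd. */
int unlink_while_open(const char *path, struct unlink_result *r)
{
    static const char payload[] = "constructed sample data";
    char buf[sizeof payload] = {0};
    struct stat st;
    int rc = -1;

    memset(r, 0, sizeof *r);
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, payload, sizeof payload) != (ssize_t)sizeof payload) {
        unlink(path);                     /* do not leave a partial file behind */
        goto out;
    }
    if (unlink(path) != 0)
        goto out;
    r->name_gone = (stat(path, &st) == -1 && errno == ENOENT);
    if (fstat(fd, &st) != 0)
        goto out;
    r->nlink = (long)st.st_nlink;         /* 0: no directory entry names the inode */
    if (lseek(fd, 0, SEEK_SET) == 0 && read(fd, buf, sizeof buf) == (ssize_t)sizeof buf)
        r->data_intact = (memcmp(buf, payload, sizeof payload) == 0);
    r->still_writable = (write(fd, "x", 1) == 1);
    rc = 0;
out:
    close(fd);                            /* last reference: blocks are freed only now */
    return rc;
}

int main(void)
{
    struct unlink_result r;
    if (unlink_while_open("/tmp/unlink_demo.tmp", &r) != 0) return 1;
    printf("gone=%d nlink=%ld intact=%d writable=%d\n",
           r.name_gone, r.nlink, r.data_intact, r.still_writable);
    return 0;
}
```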