md(4) (swap-base) disks not cleaned on creation
Konstantin Belousov
kostikbel at gmail.com
Wed Nov 7 13:44:54 UTC 2012
On Wed, Nov 07, 2012 at 02:14:36PM +0100, Paul Schenkeveld wrote:
> On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> > An excellent example of where swap shouldn't be used. It isn't the use of the swap file that is the issue, it is how the output of
> > using swap is used. PHK was right in his advice to not use swap.
> >
> > Good catch, nanobsd.sh should be changed.
>
> I tend to disagree. Nanobsd.sh is just an example but there may be more
> uses of swap-based md(4) devices where ultimately swap contents are
> leaked to unprivileged users or processes. Des@ mentioned md(4) devices
> made available to jails where the root inside the jail is definitely not
> the same as the root outside the jail.
>
> All of us (I hope) have been educated with the wisdom that memory
> returned by malloc() and friends is safe to use which may raise the
> expectation (at least it did to me) that mdconfig'd memory follows the
> same principles of security.
It is the reverse, malloc-ed memory is not guaranteed to have any predefined
content. But its content does not cross security boundaries.