md(4) (swap-base) disks not cleaned on creation

Konstantin Belousov kostikbel at gmail.com
Wed Nov 7 13:47:10 UTC 2012


On Wed, Nov 07, 2012 at 01:36:55PM +0100, Dag-Erling Smørgrav wrote:
> Konstantin Belousov <kostikbel at gmail.com> writes:
> > It is definitely not a security issue.
> 
> I disagree.  There may be legitimate reasons for root to create an md
> and give read access to an unprivileged user, under the assumption that
> it is zeroed; or to allow root in a jail to create mds.
I disagree, but let this settle. I will commit a fix today.

> 
> DES
> -- 
> Dag-Erling Smørgrav - des at des.no
> 
> > That said, the following patch should fix the nit. I am unsure about
> > it, because it fixes mostly non-issue by spending CPU time to zero a
> > page which would be either zeroed or overwritten right now anyway in
> > normal usage.
> 
> You can at least partly mitigate this by adding VM_ALLOC_ZERO to the
> flags passed to vm_page_grab() on line 666 and then checking the PG_ZERO
> bit in m->flags.
This is worse, since now you deprive the zero pool even for the case
when the page is successfully read from the swap later. My patch only
zeroes pages which do not have any content to fill.
