md(4) (swap-base) disks not cleaned on creation
Konstantin Belousov (kostikbel at gmail.com)
Wed Nov  7 13:44:54 UTC 2012

On Wed, Nov 07, 2012 at 02:14:36PM +0100, Paul Schenkeveld wrote:
> On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> > An excellent example of where swap shouldn't be used.  It isn't the use of the swap file that is the issue, it is how the output of
> > using swap is used.  PHK was right in his advice to not use swap.
> > 
> > Good catch, nanobsd.sh should be changed.
> 
> I tend to disagree.  Nanobsd.sh is just an example but there may be more
> uses of swap-based md(4) devices where ultimately swap contents are
> leaked to unprivileged users or processes.  Des@ mentioned md(4) devices
> made available to jails where the root inside the jail is definitely not
> the same as the root outside the jail.
> 
> All of us (I hope) have been educated with the wisdom that memory
> returned by malloc() and friends is safe to use which may raise the
> expectation (at least it did to me) that mdconfig'd memory follows the
> same principles of security.
It is the reverse: malloc-ed memory is not guaranteed to have any predefined
content. But its content does not cross security boundaries.

More information about the freebsd-security mailing list