看板 FB_security 關於我們 聯絡資訊
發信人freebsd@psconsult.nl (Paul Schenkeveld),
看板FB_security
標 題Re: md(4) (swap-base) disks not cleaned on creation
發信站NCTU CS FreeBSD Server (Wed Nov 7 04:59:36 2012)
轉信站ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!.org!ownorg!owner-free
On Tue, Nov 06, 2012 at 09:27:04PM +0200, Konstantin Belousov wrote: > On Tue, Nov 06, 2012 at 07:46:58PM +0100, Paul Schenkeveld wrote: > > Hi, > > = > > When creating a swap based md(4) it may contain data which to me feels > > like a security leak: > > = > > # mdconfig -a -t swap -s 1m > > md0 > > # hd /dev/md0 > > 00000000 c0 9b a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |?.?.....= ..\S.....| > > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |........= .........| > > * > > 00000250 38 9f a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |8.?.....= ..\S.....| > > 00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |........= .........| > > * > > 00000330 88 a0 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |.=9A?...= ....\S.....| > > 00000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |........= .........| > > * > > 00000370 e8 a0 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |?=9A?...= ....\S.....| > > 00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |........= .........| > > * > > 000005b0 48 a4 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |H??.....= ..\S.....| > > 000005c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |........= .........| > > * > > ^C > > # ls -l /dev/md0 > > crw-r----- 1 root operator 0xc8 Nov 6 19:42 /dev/md0 > > # > > = > > Although not world-readable, it just doesn't feel right to me. > > = > > Any thoughts? > = > It is definitely not a security issue. The md device is not user-accessib= le, > as you noted. A filesystem run over the device need to ensure that user > process never get on-disk garbage without first initializing the blocks. What about this scenario: - Root uses nanobsd.sh to make an image - The .conf file has NANO_MD_BACKING=3D"swap" (I believe phk@ was against this feature but it is in nanobsd.sh now) - Root places the image on a public FTP site and this way exposes swap data. -- Paul Schenkeveld _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"