On Wed, Nov 07, 2012 at 02:14:36PM +0100, Paul Schenkeveld wrote:
> On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> > An excellent example of where swap shouldn't be used. It isn't the use of
> > the swap file that is the issue, it is how the output of
> > using swap is used. PHK was right in his advice to not use swap.
> >
> > Good catch, nanobsd.sh should be changed.
>
> I tend to disagree. Nanobsd.sh is just an example but there may be more
> uses of swap-based md(4) devices where ultimately swap contents are
> leaked to unprivileged users or processes. Des@ mentioned md(4) devices
> made available to jails where the root inside the jail is definitely not
> the same as the root outside the jail.
>
> All of us (I hope) have been educated with the wisdom that memory
> returned by malloc() and friends is safe to use which may raise the
> expectation (at least it did to me) that mdconfig'd memory follows the
> same principles of security.

It is the reverse: malloc-ed memory is not guaranteed to have any predefined
content. But its content does not cross security boundaries.