Bug 36992 - Permissions on SWAP file
Permissions on SWAP file
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
7.1
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Michael Fulbright
Brock Organ
: Security
: 47285 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-21 12:06 EDT by redhat-bugs2eran
Modified: 2007-03-26 23:43 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-10 11:25:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description redhat-bugs2eran 2001-04-21 12:06:11 EDT
The 'SWAP' file (filesystem-based swap space) created by the installer has mode 0755 (-rwxr-xr-x). 
Making swapspace world-readable is a major security issue: for instance, passwords can be read from swapped-out processes.
The swap file should have mode 0600.

Reproducible: Didn't try
Steps to Reproduce:
Upgrade a RedHat 7.0 system to RedHat 7.1 using network installation.
Let there be insufficient swapspace on the system, e.g., less than available RAM.
When prompted for additional swap space, choose to create a swap file on an existing ext2 partition.

Actual Results:  SWAP file created, mode 0755.
Expected Results:  SWAP file created, mode 0600.
Comment 1 Brent Fox 2001-04-21 12:56:58 EDT
We will look into this.  Thanks for your report.
Comment 2 Brent Fox 2001-04-23 11:59:15 EDT
I have verified this behavior.
Comment 3 Brent Fox 2001-05-09 15:16:13 EDT
msf, has this issue been resolved?
Comment 4 Brent Fox 2001-05-10 11:25:05 EDT
An errata has been released to address this issue.  

Advisory ID RHSA-2001:058-04 is available at
http://www.redhat.com/support/errata/RHSA-2001-058.html


Thanks for your report.
Comment 5 Brent Fox 2001-07-05 11:29:10 EDT
*** Bug 47285 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.