Bug 36992 - Permissions on SWAP file
Summary: Permissions on SWAP file
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda   
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
Target Milestone: ---
Assignee: Michael Fulbright
QA Contact: Brock Organ
Keywords: Security
: 47285 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2001-04-21 16:06 UTC by redhat-bugs2eran
Modified: 2007-03-27 03:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-10 15:25:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description redhat-bugs2eran 2001-04-21 16:06:11 UTC
The 'SWAP' file (filesystem-based swap space) created by the installer has mode 0755 (-rwxr-xr-x). 
Making swapspace world-readable is a major security issue: for instance, passwords can be read from swapped-out processes.
The swap file should have mode 0600.

Reproducible: Didn't try
Steps to Reproduce:
Upgrade a RedHat 7.0 system to RedHat 7.1 using network installation.
Let there be insufficient swapspace on the system, e.g., less than available RAM.
When prompted for additional swap space, choose to create a swap file on an existing ext2 partition.

Actual Results:  SWAP file created, mode 0755.
Expected Results:  SWAP file created, mode 0600.

Comment 1 Brent Fox 2001-04-21 16:56:58 UTC
We will look into this.  Thanks for your report.

Comment 2 Brent Fox 2001-04-23 15:59:15 UTC
I have verified this behavior.

Comment 3 Brent Fox 2001-05-09 19:16:13 UTC
msf, has this issue been resolved?

Comment 4 Brent Fox 2001-05-10 15:25:05 UTC
An errata has been released to address this issue.  

Advisory ID RHSA-2001:058-04 is available at

Thanks for your report.

Comment 5 Brent Fox 2001-07-05 15:29:10 UTC
*** Bug 47285 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.