View Issue Details

ID: 0010239
Project: Documentation
Category: [All Projects] general
View Status: public
Last Update: 2018-12-30 05:17
Reporter: sarahn
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Summary: 0010239: Swap file instructions lead to world readable swap
Description: https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-swap-creating-file.html and https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-swap-adding.html do not include 'chmod 600 /swapfile', so created swap is world readable.
Steps To Reproduce:
$ su -l
Password:
[root@centos5-dom0 ~]# umask
0022
[root@centos5-dom0 ~]# ls -l /swapfile
ls: /swapfile: No such file or directory
[root@centos5-dom0 ~]# dd if=/dev/zero of=/swapfile bs=1024 count=65536
65536+0 records in
65536+0 records out
67108864 bytes (67 MB) copied, 1.2403 seconds, 54.1 MB/s
[root@centos5-dom0 ~]# mkswap /swapfile
Setting up swapspace version 1, size = 67104 kB
[root@centos5-dom0 ~]# swapon /swapfile
[root@centos5-dom0 ~]# ls -l /swapfile
-rw-r--r-- 1 root root 67108864 Jan 25 13:53 /swapfile
Additional Information: Reported to util-linux mailing list https://marc.info/?l=util-linux-ng&m=145349007505400&w=2
Tags: No tags attached.

Activities

SiriusP2324

2018-12-30 05:17

reporter   ~0033477

This is old, but I saw it had no answer so I figured I would address it. The first thing to note is that CentOS 5 is EOL on support; the referenced documents are no longer active.

The umask is 0022, which means the default permission string will be 0644 (Owner: rw, Group: r, Everyone: r).

If you want your swapfile, or any file, to default to a more secure permission string, you have to change umask. For example, a umask of 0044 would result in a default permission string of 0622 (Owner: rw, Group: w, Everyone: w).

[root@cloud-anonymous anonymous]# ls -l /swapfile
ls: cannot access /swapfile: No such file or directory
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# umask 0022
[root@cloud-anonymous anonymous]# dd if=/dev/zero of=/swapfile bs=1024 count=65535
65535+0 records in
65535+0 records out
67107840 bytes (67 MB) copied, 0.130952 s, 512 MB/s
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# ls -l /swapfile
-rw-r--r--. 1 root root 67107840 Dec 30 05:11 /swapfile
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# rm -f /swapfile
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# ls -l /swapfile
ls: cannot access /swapfile: No such file or directory
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# umask 0044
[root@cloud-anonymous anonymous]# dd if=/dev/zero of=/swapfile bs=1024 count=65535
65535+0 records in
65535+0 records out
67107840 bytes (67 MB) copied, 0.122804 s, 546 MB/s
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# ls -l /swapfile
-rw--w--w-. 1 root root 67107840 Dec 30 05:12 /swapfile
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# mkswap /swapfile
Setting up swapspace version 1, size = 65528 KiB
no label, UUID=33fa1b77-4d53-4361-8eea-66aa9bd2d146
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# swapon /swapfile
swapon: /swapfile: insecure permissions 0622, 0600 suggested.
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# ls -l /swapfile
-rw--w--w-. 1 root root 67107840 Dec 30 05:12 /swapfile
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]# swapon -s
Filename Type Size Used Priority
/swapfile file 65528 0 -2
[root@cloud-anonymous anonymous]#
[root@cloud-anonymous anonymous]#
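
Added example, not part of the issue report or the note above: a shell sketch that creates the swap file at mode 0600 whatever the caller's umask is, and checks the mode the way the swapon warning in the session suggests. The function names are hypothetical and GNU stat (-c '%a') is assumed.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names are hypothetical;
# sizes are in KiB, matching bs=1024 in the dd commands on this page.

# Return 0 only if FILE grants nothing to group or other (e.g. 0600),
# 1 if any group/other bit is set, 2 if the file cannot be examined.
swap_mode_is_private() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat assumed
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Create a zero-filled file of SIZE_KIB at PATH that is never readable or
# writable by group/other, regardless of the umask the caller is running with.
create_private_swapfile() {
    path=$1
    size_kib=$2
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2
        return 1
    fi
    (
        # The umask change is confined to this subshell, so the file is
        # created as 0600 from the start and the caller's umask is untouched.
        umask 077
        dd if=/dev/zero of="$path" bs=1024 count="$size_kib" 2>/dev/null
    ) || return 1
    chmod 600 "$path"      # the explicit step the referenced docs omit
    swap_mode_is_private "$path"
}

# Typical use as root (commands as shown in the sessions above):
#   create_private_swapfile /swapfile 65536 && mkswap /swapfile && swapon /swapfile
```

swap_mode_is_private can also be pointed at an existing swap file to confirm its permissions before running swapon.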

Issue History

Date Modified Username Field Change
2016-01-25 21:56 sarahn New Issue
2018-12-30 05:17 SiriusP2324 Note Added: 0033477