On Wed, Nov 07, 2012 at 02:14:36PM +0100, Paul Schenkeveld wrote:
> On Wed, Nov 07, 2012 at 06:03:46PM +1100, Dewayne Geraghty wrote:
> > An excellent example of where swap shouldn't be used.  It isn't the use of the swap file that is the issue, it is how the output of
> > using swap is used.  PHK was right in his advice to not use swap.
> >
> > Good catch, nanobsd.sh should be changed.
>
> I tend to disagree.  Nanobsd.sh is just an example but there may be more
> uses of swap-based md(4) devices where ultimately swap contents are
> leaked to unprivileged users or processes.  Des@ mentioned md(4) devices
> made available to jails where the root inside the jail is definitely not
> the same as the root outside the jail.
>
> All of us (I hope) have been educated with the wisdom that memory
> returned by malloc() and friends is safe to use which may raise the
> expectation (at least it did to me) that mdconfig'd memory follows the
> same principles of security.

It is the reverse: malloc-ed memory is not guaranteed to have any predefined
content. But its content does not cross security boundaries.
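
An administrator's check for the concern raised in this thread, as an added example that is not part of the original messages or of FreeBSD: it scans a device or file and reports the first non-zero byte, so a memory disk can be audited before it is handed to a jail. It assumes the expectation being tested is that a newly created, never-written device reads back as zeros; the path argument is whatever device node you want to inspect.

```c
/* Added example: report the first non-zero byte on a device or file. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define CHUNK 65536 /* multiple of common sector sizes, keeps raw reads aligned */

/* Returns the offset of the first non-zero byte, -1 if every byte read
 * was zero, or -2 on a read error. */
long long first_nonzero_offset(int fd)
{
    static unsigned char buf[CHUNK];
    long long base = 0;
    ssize_t n;

    for (;;) {
        n = read(fd, buf, sizeof buf);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -2;
        }
        if (n == 0)
            return -1;          /* end of device, nothing but zeros seen */
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] != 0)
                return base + i;
        base += n;
    }
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <device-or-file>\n", argv[0]);
        return 2;
    }
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) { perror(argv[1]); return 2; }
    long long off = first_nonzero_offset(fd);
    close(fd);
    if (off == -2) { fprintf(stderr, "read error\n"); return 2; }
    if (off == -1) { puts("all bytes read as zero"); return 0; }
    printf("non-zero data at offset %lld\n", off);
    return 1;               /* exit status 1: stale or written data present */
}
```

The exit status makes it usable in a provisioning script: 0 means every byte read as zero, 1 means data was found, 2 means the device could not be read.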