Re: swapfile security weakness

Rik van Riel (H.H.vanRiel@phys.uu.nl)
Fri, 6 Nov 1998 08:40:01 +0100 (CET)


On 6 Nov 1998, H. Peter Anvin wrote:
> > On Thu, 5 Nov 1998, Jakub Vlasek wrote:
> >
> > > I've found that active swapfile could be deleted, which is
> >
> > KUDOS TO YOU!!!! I actually *DID* that about a year and a half
> > ago. I had 2 swap files and didn't need them both. I swapoff'd
> > one of them and deleted the wrong one. As a result I got major
> > kernel panics until the system froze, then when I rebooted I had
> > hard disk corruption on partitions that weren't even mounted in
>
> swapon should keep a handle on the inode, which means the file won't
> be removed from the physical media even if it is unlinked (just like
> open files aren't.)

Unfortunately, there are a few issues with that:
- it doesn't work on inodeless FSes (msdosfs)
- you can't swapoff() a deleted file, leaving minor
  fs corruption on reboot (and major corruption on
  umsdos and the like)
- since you can't swapoff() the deleted file, you
  can't reclaim the disk space

This basically means that we have a real problem at
hand that should be fixed.

Rik -- typing slowly because my kbd is dvorak since sun 19:40...
+-------------------------------------------------------------------+
| Linux memory management tour guide. H.H.vanRiel@phys.uu.nl |
| Scouting Vries cubscout leader. http://www.phys.uu.nl/~riel/ |
+-------------------------------------------------------------------+
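
The behaviour both replies rely on, shown on an ordinary temp file as an added example that is not part of the original thread: an unlinked file that is still held open keeps its inode and data, but can no longer be reached by any path-based call. The names `unlink_while_open` and `struct unlink_result` are hypothetical, and no swap area is touched.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* What is observable after unlinking a file that is still open. */
struct unlink_result {
    int nlink_after;   /* st_nlink seen through the open descriptor */
    int data_intact;   /* 1 if the bytes written are still readable */
    int path_errno;    /* errno from stat() on the old pathname */
};

/* Constructed demo on a temp file (assumes a local filesystem under /tmp). */
int unlink_while_open(struct unlink_result *r)
{
    char path[] = "/tmp/unlink_demo_XXXXXX";
    const char msg[] = "still on disk";
    char buf[sizeof msg] = {0};
    struct stat st;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, msg, sizeof msg) != (ssize_t)sizeof msg) {
        unlink(path); close(fd); return -1;
    }
    if (unlink(path) != 0) { close(fd); return -1; }
    /* The name is gone, but the open descriptor pins the inode. */
    if (fstat(fd, &st) != 0 ||
        pread(fd, buf, sizeof buf, 0) != (ssize_t)sizeof buf) {
        close(fd); return -1;
    }
    r->nlink_after = (int)st.st_nlink;
    r->data_intact = memcmp(buf, msg, sizeof msg) == 0;
    /* Path-based calls now fail; swapoff() also takes a pathname. */
    r->path_errno = (stat(path, &st) == -1) ? errno : 0;
    close(fd);         /* last reference dropped: blocks are freed only now */
    return 0;
}

int main(void)
{
    struct unlink_result r;
    if (unlink_while_open(&r) != 0) { perror("demo"); return 1; }
    printf("nlink=%d intact=%d stat: %s\n",
           r.nlink_after, r.data_intact, strerror(r.path_errno));
    return 0;
}
```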
