[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] insecure creation of swap files in RH 7.1
- To: linux-security
- Subject: [linux-security] insecure creation of swap files in RH 7.1
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 3 May 2001 18:29:50 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
Insecure creation of swap files during RedHat 7.1 installation
Problem Description
===================
If any swap files were created during installation of Red Hat Linux 7.1
(they were created during updates if the user requested it), they were
world-readable, meaning every user could read data in the swap file(s),
possibly including passwords.
The affected swap files are called /mountpoint/SWAP and
/mountpoint/SWAP-(numeral)
Also, this release of mount enforces sane permissions on swap space.
Affected Systems
================
RedHat 7.1 only
Solution
========
rpm -Fvh mount-2.11b-3.i386.rpm losetup-2.11b-3.i386.rpm