[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] insecure creation of swap files in RH 7.1

To: linux-security
Subject: [linux-security] insecure creation of swap files in RH 7.1
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 3 May 2001 18:29:50 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
Insecure creation of swap files during RedHat 7.1 installation

Problem Description
===================
If any swap files were created during installation of Red Hat Linux 7.1
(they were created during updates if the user requested it), they were
world-readable, meaning every user could read data in the swap file(s),
possibly including passwords.
  
The affected swap files are called /mountpoint/SWAP and
/mountpoint/SWAP-(numeral)
  
Also, this release of mount enforces sane permissions on swap space.

Affected Systems
================
RedHat 7.1 only

Solution
========
rpm -Fvh mount-2.11b-3.i386.rpm losetup-2.11b-3.i386.rpm

Prev by Date: [linux-security] kdesu security hole
Next by Date: [linux-security] iptables security hole
Prev by thread: Re: [linux-security] iptables security hole
Next by thread: [linux-security] kdesu security hole
Index(es):
- Date
- Thread