Subject: Re: userid partitioned swap spaces.
To: Todd Whitesel <toddpw@best.com>
From: Roger Brooks <R.S.Brooks@liverpool.ac.uk>
List: tech-kern
Date: 12/15/1998 10:40:51
On Tue, 15 Dec 1998, Todd Whitesel wrote:

>This is a random idea I came up with while trying to imagine a solution to
>fork-bombs. It's like extending the "joe user mount point" idea to swap.
>
>Suppose that swap files can be added by any user provided they are the
>same user or group as the file (and have write access), and that the
>execute modes of the file control who may allocate pages from that file.
>Define a swap partition to be a swap file whose owner is root.staff and
>whose mode is 111, unless changed by mount_swap options.

An interesting idea.  I assume you've already considered the security
implications?  Suppose I

    Run a setuid-root program which waits for input.
    Wait for it to be swapped out.
    Find the image in my private swap file.
    Diddle with it and get a root shell!

This could be avoided by either (a) blocking all opens while the swap file
was mounted, or (b) making setuid processes use a swap file belonging to
root.


Roger

------------------------------------------------------------------------------
Roger Brooks (Systems Programmer),          |  Email: R.S.Brooks@liv.ac.uk
Computing Services Dept,                    |  Tel:   +44 151 794 4441
The University of Liverpool,                |  Fax:   +44 151 794 4442
PO Box 147, Liverpool L69 3BX, UK           | 
------------------------------------------------------------------------------
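Mitigation (b) above, modelled as a stand-alone allocation check; this is an added example, not code from the thread or from any kernel. The struct names, the use of the effective uid, and the choice to treat any root-credentialed process like a setuid one (a generalisation beyond the reply's wording, since a root daemon paged into a user-owned file is exposed the same way) are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical model of a swap file as the proposal reads: owner, group
 * and mode bits, where the execute bits say who may allocate pages. */
struct swap_file {
    uid_t  owner;
    gid_t  group;
    mode_t mode;
};

/* Credentials of the process asking for swap pages. uid is the effective
 * uid; is_setuid marks an image whose credentials were raised by exec. */
struct proc_cred {
    uid_t uid;
    gid_t gid;
    bool  is_setuid;
};

/* Execute-bit check from the proposal: owner, then group, then other. */
static bool swap_exec_permits(const struct swap_file *sf, const struct proc_cred *p)
{
    if (p->uid == sf->owner)
        return (sf->mode & S_IXUSR) != 0;
    if (p->gid == sf->group)
        return (sf->mode & S_IXGRP) != 0;
    return (sf->mode & S_IXOTH) != 0;
}

/* Policy (b): a privileged image may only be paged to a root-owned swap
 * file, so the file's (less privileged) owner can never rewrite it.
 * Returns true if the process may allocate pages from sf. */
bool swap_may_use(const struct swap_file *sf, const struct proc_cred *p)
{
    bool privileged = p->is_setuid || p->uid == 0;   /* assumption: root counts too */
    if (privileged && sf->owner != 0)
        return false;
    return swap_exec_permits(sf, p);
}

int main(void)
{
    struct swap_file joe_swap = { 1000, 1000, 0700 };   /* constructed: joe's private swap file */
    struct proc_cred joe_suid = { 0, 1000, true };      /* setuid-root program joe is running */
    printf("setuid image -> joe's swap file: %s\n",
           swap_may_use(&joe_swap, &joe_suid) ? "allowed" : "refused");
    return 0;
}
```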