windows 7 - Is it insecure to use a swap file that multiple systems can read?

07
2014-07
  • jco

    I'm setting up a dual-boot system with Ubuntu Linux and Windows 7. Both systems are installed on an SSD, each given around 50GB. However, there is an additional internal HDD with a single ext4 partition, which I plan to use both form Ubuntu and from Windows.

    I also want to give Ubuntu swap space, but I don't want to waste precious SSD storage for that (I will only use it rarely I think). My solution was to create a swap file on the internal drive, but that got me thinking about security.

    If both systems can read the swap file, and Windows can ignore the permissions I set on it, is it possible that some important data like passwords could be read by malicious Windows programs? And what can I do about that? (Once I install ext4 drivers on Windows, it will probably be able to read from my SSD swap file if I were to put it there, as well.)

    • Answers
  • jco

    Yes, it is possible that sensitive information could be written to the swap file/partition, and it would then be readable from another operating system.

    These resources will help you protect that information:

  • Cristian Ciupitu

    There is a risk indeed, but it's low. I don't think there's much Windows malware reading remaining bits from Linux swapping.

    Also security conscious Linux programs can tell the kernel to keep some bits of information only in RAM and not to swap them. There aren't guarantees that the kernel will respect the request, but at least it will try. For more details read the mlock(2) man page.


    • Related Question

    ubuntu - What file system is swap on Linux
  • tony_sid

    In Linux you can choose things like ext3 and reiserfs for partitions. For the swap partition, you just choose "swap." What file system is this, actually? Can you just create an ext3 partition and make it a swap partition? How would that be different?


    • Related Answers
  • matthias krull

    Swap is no actual file system. It is just a reserved part of the disk that is raw addressable memory with no special structure.

    mkswap creates a header for the swap area with some additional information. From swapheader.h of the util-linux-ng package:

    struct swap_header_v1 {
    char         bootbits[1024];    /* Space for disklabel etc. */
    unsigned int version;
    unsigned int last_page;
    unsigned int nr_badpages;
    unsigned int padding[125];
    unsigned int badpages[1];
};

    Header version 1 is the currently used one. Thats about all the magic behind the raw structure of swap.

  • AndrejaKo

    The incredible people at Gentoo forums provided me with this link! Everything seems to be nicely explained. Oh and thanks to John R. Graham.

  • Matteo De Felice

    I think that the swap partition doesn't need a filesystem because there are no files and directories in it. Swap partition is the virtual RAM place.

  • Am1rr3zA

    Linux has two forms of swap space: the swap partition and the swap file. The swap partition is an independent section of the hard disk used solely for swapping; no other files can reside there. The swap file is a special file in the filesystem that resides amongst your system and data files.

    Swapping is necessary for two important reasons. First, when the system requires more memory than is physically available, the kernel swaps out less used pages and gives memory to the current application (process) that needs the memory immediately. Second, a significant number of the pages used by an application during its startup phase may only be used for initialization and then never used again. The system can swap out those pages and free the memory for other applications or even for the disk cache.

  • ben

    There are two ways you can create swap space: filesystem swap and device (or raw) swap. With filesystem swap, you are creating a file on a filesystem and using it as swap space (much like you'd see on windows with pagefile.sys). With device swap, you are swapping to a partition you've created specifically for swap.

    Which is better:

    This debate used to be a lot more interesting in the "old" days because:

    Why device swap is "better": Since you are swapping to a raw partition, it is faster because you don't have to deal with all the extra overhead of a filesystem with inodes and other filesystem overhead

    Today however this argument doesn't really hold. With evolution of how fast disk access is these days, device swap does not buy you much more time than filesystem swap.

    Why filesystem swap is "better": Much easier to change sizes. When you change partition sizes it is a lot harder than just creating new files.

    Today however with a lot of people using LVM instead of raw partitions, it's easy to shrink and grow your swap space

    TODAY it is even more moot: Most servers these days for performance reasons it's worth the cost just to plug it full of memory. (This debate used to be much more popular when RAM was harder to come by and it was common to only put 4GB to 8GB of RAM in a server)

    WHY I USE FILESYSTEM SWAP (and swap in general)

    These days I instruct our guys to install with 4gig swap onl and we use the same config/image for all our linux installs. Oracle installation requires higher swap usage so for systems that will have Oracle I will then create the rest with filesystem swap. It is possible your application may have a swap requirement in which case you can then add it later with filesystem swap.

    Does this help?

    I have detailed instructions how to do this in linux here: http://geekswing.com/geek/how-to-add-filesystem-swap-on-linux-and-unix-systems/