Information leak (resource disk swap file created world-readable)

Impact:

Swap files created by WALinuxAgent on Azure resource disks are
world-readable, meaning that, e.g. any secret key or similar which
gets paged out to swap by the kernel could be read by any ordinary,
local user.

Versions affected:

2.2.32-1

  root@test-ubuntu:~# waagent -version
  WALinuxAgent-2.2.20 running on ubuntu 16.04
  Python: 3.5.2
  Goal state agent: 2.2.34

Older/newer versions of the walinuxagent package in other suites may also be affected but I have only verified that that 2.2.32-1 in Xenial is indeed vulnerable.

Steps to reproduce:

1. Create and boot B1s VM using the Ubuntu 16.04 image as available from Azure

2. Configure walinuxagent[1] to mount resource disk and create swap file thereon:

  ResourceDisk.Format=y
  ResourceDisk.EnableSwap=y
  ResourceDisk.SwapSizeMB=4096

  # sed -i \
  > -e 's/^\(ResourceDisk\.Format\).*/\1=y/' \
  > -e 's/^\(ResourceDisk\.EnableSwap\).*/\1=y/' \
  > -e 's/^\(ResourceDisk\.SwapSizeMB\).*/\1=4096/' \
  > /etc/waagent.conf

3. Restart walinuxagent ("systemctl restart walinuxagent.service")

4. Wait for the swap file to be created

5. Then, as a normal user, proceed to read the contents of said swap file:

  francis@test-ubuntu:~$ ls -ld /mnt{,/*}
  drwxr-xr-x 3 root root 4096 Jan 14 04:16 /mnt
  -r--r--r-- 1 root root 639 Jan 14 04:14 /mnt/DATALOSS_WARNING_README.txt
  drwx------ 2 root root 16384 Jan 14 04:14 /mnt/lost+found
  -rw-r--r-- 1 root root 4134141952 Jan 14 04:18 /mnt/swapfile
  francis@test-ubuntu:~$ od -A x -t x1z -v < /mnt/swapfile |head -n5
  000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
  000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
  [...]