Suggestion: Leaky temp directory with encrypted home directories
Dustin Kirkland
kirkland at canonical.com
Fri Jul 2 14:16:49 UTC 2010
On Thu, Jul 1, 2010 at 2:55 PM, Rob King <jking at deadpixi.com> wrote:
> Hello everyone,
>
> Ubuntu's encrypted home directory feature is quite useful, and a good way
> of increasing the security and privacy of information.
>
> However, the scheme is a little "leaky". Applications still use the
> default system-wide temporary directory (/tmp), which is not encrypted. For
> applications that store things in the temporary directory, this can cause
> leaks of sensitive information outside the encrypted home directory. For
> things like Deja Dup, this can cause the entire contents of the home
> directory to be copied into an unencrypted area.
>
> I would suggest that, when a user enables the encrypted home directory
> feature, the TMPDIR directory is set to a temporary directory inside that
> user's home directory. This could easily be done in desktop sessions by
> modifying ~/.xsessionrc. I'm not sure how easy this would be for
> command-line logins.

I agree that programs which leak truly sensitive nature to /tmp should
be fixed. Please file a bug in Launchpad for each and every program
you find that leaks sensitive data to /tmp.

However, it's worth mentioning that /tmp is wiped on every boot in
Ubuntu. For this reason, I usually put my /tmp in a tmpfs in memory
(on systems where I have a few GB of memory). Add this line to your
/etc/fstab:

    tmpfs /tmp tmpfs rw

This ensures that the data written to /tmp is never actually written
to disk. I think this is an excellent best-practice for the security
conscious.

:-Dustin
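
Both options raised in this thread (TMPDIR inside the encrypted home, /tmp on tmpfs) can be checked against the kernel's mount table. The script below is an added example, not part of either message; its function names and sample data are constructed, and it assumes any active swap area is a route to disk, since tmpfs pages can be swapped out.

```shell
#!/bin/sh
# Added example: report what backs a temp path, from /proc/mounts-format data.
# Function names and the sample data are constructed for illustration.

# Constructed sample in /proc/mounts format (not from a real system):
# /tmp on tmpfs as in the fstab line above, and an eCryptfs-mounted home.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes 0 0
EOF
}

# fstype_for MOUNTS PATH: print the filesystem type of the longest mount
# point that contains PATH. MOUNTS is a file name, or "-" for stdin.
# A later entry wins a tie, as a newer mount shadows an older one.
fstype_for() {
    awk -v p="$2" '
        { mp = $2
          # exact match, the root, or a prefix ending on a "/" boundary
          if (mp == p || mp == "/" || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); t = $3 } }
        END { print t }' "$1"
}

# tmp_exposure MOUNTS SWAPS PATH: print one of
#   encrypted    PATH is on ecryptfs
#   memory       PATH is on tmpfs and no swap area is active
#   memory+swap  PATH is on tmpfs, but its pages can be paged out to swap
#   disk         anything else
tmp_exposure() {
    case "$(fstype_for "$1" "$3")" in
        ecryptfs) echo encrypted ;;
        tmpfs)  # /proc/swaps: one header line, then one line per swap area
            if tail -n +2 "$2" | grep -q .; then echo memory+swap
            else echo memory; fi ;;
        *) echo disk ;;
    esac
}

# Demo on the constructed sample; /dev/null stands in for an empty swap list.
sample_mounts | tmp_exposure - /dev/null /tmp                    # memory
sample_mounts | tmp_exposure - /dev/null /home/alice/.cache/tmp  # encrypted
```

On a live system, call `tmp_exposure /proc/mounts /proc/swaps "${TMPDIR:-/tmp}"`. The check does not distinguish an encrypted swap device from a plain one.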