Suggestion: Leaky temp directory with encrypted home directories
Ansgar Burchardt
ansgar at 43-1.org
Fri Jul 2 14:22:51 UTC 2010
Hi,
Dustin Kirkland <kirkland at canonical.com> writes:
> However, it's worth mentioning that /tmp is wiped on every boot in
> Ubuntu. For this reason, I usually put my /tmp in a tmpfs in memory
> (on systems where I have a few GB of memory). Add this line to your
> /etc/fstab:
> tmpfs /tmp tmpfs rw
>
> This ensures that the data written to /tmp is never actually written
> to disk. I think this is an excellent best-practice for the security
> conscious.
This is not always true. Contents of a tmpfs can be swapped to disk[1]
and you might thus leak information when you rely on the fact that
contents of a tmpfs will never be written to permanent storage.
Regards,
Ansgar
[1] <http://en.wikipedia.org/wiki/Tmpfs#Linux>
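The check this reply implies, as an added example that is not part of the original post: it reads the kernel's mount and swap tables and reports whether a tmpfs `/tmp` coexists with an active swap area. The function names are hypothetical, and the script does not determine whether the swap area itself is encrypted.

```shell
#!/bin/sh
# Added example (not from the thread): is /tmp a tmpfs whose pages could be
# written to a swap area? Tables default to the live kernel files; other
# files in the same format can be passed in for testing.

# Print the filesystem type of the last mount on a mount point.
# $1 = mount point, $2 = mounts table in /proc/mounts format
mount_fstype() {
    # Later entries shadow earlier ones on the same mount point, so keep the last.
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' "$2"
}

# Print the names of active swap areas, one per line.
# $1 = swaps table in /proc/swaps format (first row is a header)
active_swaps() {
    awk 'NR > 1 && NF > 0 { print $1 }' "$1"
}

# Print one of: not-tmpfs, tmpfs-no-swap, tmpfs-swappable
# $1 = mounts table (default /proc/mounts), $2 = swaps table (default /proc/swaps)
tmp_swap_exposure() {
    mounts="${1:-/proc/mounts}"
    swaps="${2:-/proc/swaps}"
    fstype=$(mount_fstype /tmp "$mounts") || fstype=""
    if [ "$fstype" != "tmpfs" ]; then
        echo "not-tmpfs"          # /tmp lives on some other filesystem
        return 0
    fi
    if [ -n "$(active_swaps "$swaps")" ]; then
        echo "tmpfs-swappable"    # tmpfs pages may be paged out to these areas
    else
        echo "tmpfs-no-swap"      # no swap area active at the moment
    fi
}

# Usage on a live system: tmp_swap_exposure
```

A result of `tmpfs-swappable` means only that the condition described above holds; `active_swaps /proc/swaps` lists the areas to inspect further.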