Suggestion: Leaky temp directory with encrypted home directories

Dustin Kirkland kirkland at
Fri Jul 2 15:39:55 UTC 2010

On Fri, Jul 2, 2010 at 9:22 AM, Ansgar Burchardt <ansgar at> wrote:
> Hi,
> Dustin Kirkland <kirkland at> writes:
>> However, it's worth mentioning that /tmp is wiped on every boot in
>> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
>> (on systems where I have a few GB of memory).  Add this line to your
>> /etc/fstab:
>>   tmpfs /tmp tmpfs rw
>> This ensures that the data written to /tmp is never actually written
>> to disk.  I think this is an excellent best-practice for the security
>> conscious.
> This is not always true.  Contents of a tmpfs can be swapped to disk[1]
> and you might thus leak information when you rely on the fact that
> contents of a tmpfs will never be written to permanent storage.

If you setup your encrypted home in the default manner, you
automatically have encrypted swap.

  $ cat /proc/swaps


More information about the Ubuntu-devel-discuss mailing list