Suggestion: Leaky temp directory with encrypted home directories

Dustin Kirkland kirkland at canonical.com
Fri Jul 2 15:39:55 UTC 2010


On Fri, Jul 2, 2010 at 9:22 AM, Ansgar Burchardt <ansgar at 43-1.org> wrote:
> Hi,
>
> Dustin Kirkland <kirkland at canonical.com> writes:
>
>> However, it's worth mentioning that /tmp is wiped on every boot in
>> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
>> (on systems where I have a few GB of memory).  Add this line to your
>> /etc/fstab:
>>   tmpfs /tmp tmpfs rw
>>
>> This ensures that the data written to /tmp is never actually written
>> to disk.  I think this is an excellent best-practice for the security
>> conscious.
>
> This is not always true.  Contents of a tmpfs can be swapped to disk[1]
> and you might thus leak information when you rely on the fact that
> contents of a tmpfs will never be written to permanent storage.

If you set up your encrypted home in the default manner, you
automatically have encrypted swap.

  $ cat /proc/swaps

Dustin
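The thread turns on two checks a cautious admin can make on their own box: is /tmp really a tmpfs, and is every active swap area (where tmpfs pages can end up) encrypted? The script below is an added example, not something from the original thread or from Ubuntu's tooling. It reads /proc/mounts-style and /proc/swaps-style text from stdin, so it works on the live files as well as on the constructed samples embedded here. Its one assumption is the naming convention: a swap area counts as encrypted only when it is a device-mapper node named cryptswap*, which is what the default encrypted-home setup creates; a swap on a dm-crypt device with some other name would be flagged as plaintext and needs a manual look.

```shell
#!/bin/sh
# Added example (not from the original thread): audit whether data written to a
# tmpfs /tmp could reach unencrypted disk through swap.

# Print "tmpfs" when /tmp is mounted as tmpfs in /proc/mounts-format input on stdin,
# "disk" otherwise (no /tmp entry means /tmp lives on the root filesystem).
tmp_mount_type() {
    awk '$2 == "/tmp" { found = $3 }
         END { if (found == "tmpfs") print "tmpfs"; else print "disk" }'
}

# Print one line per active swap area from /proc/swaps-format input on stdin:
# "<device> encrypted" or "<device> PLAINTEXT".
# Assumption: only /dev/mapper/cryptswap* (the default encrypted-home swap
# mapping) is treated as encrypted; anything else is reported as plaintext.
classify_swaps() {
    awk 'NR > 1 && NF >= 3 {
        dev = $1
        if (dev ~ /^\/dev\/mapper\/cryptswap/) print dev " encrypted"
        else print dev " PLAINTEXT"
    }'
}

# Exit 0 when no plaintext swap area is active, 1 when at least one is.
no_plaintext_swap() {
    ! classify_swaps | grep -q ' PLAINTEXT$'
}

# Constructed samples in /proc/mounts and /proc/swaps format (not captured from
# any real machine): /tmp is a tmpfs, but a second, unencrypted swap is active.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
SAMPLE_SWAPS='Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap1                  partition       2097148 0       -1
/dev/sda5                               partition       4194300 0       -2'

# Run against the live system with: sh thisscript.sh   (or --demo for the samples)
audit() {
    mounts=$1; swaps=$2
    printf '/tmp mount: %s\n' "$(printf '%s\n' "$mounts" | tmp_mount_type)"
    printf '%s\n' "$swaps" | classify_swaps
    if printf '%s\n' "$swaps" | no_plaintext_swap; then
        echo "swap: all areas encrypted"
    else
        echo "swap: PLAINTEXT swap active; tmpfs pages may reach disk unencrypted"
    fi
}

if [ "${1:-}" = "--demo" ]; then
    audit "$SAMPLE_MOUNTS" "$SAMPLE_SWAPS"
elif [ -r /proc/swaps ] && [ -r /proc/mounts ]; then
    audit "$(cat /proc/mounts)" "$(cat /proc/swaps)"
fi
```

The sample deliberately models the case Ansgar raises: /tmp is a tmpfs, so nothing is written there directly, yet an unencrypted swap partition is still active and would be flagged. On a default encrypted-home install only the cryptswap mapping should appear, and the script reports all areas encrypted.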
