On Wed, 24 May 2017 12:30:36 -0700 Rich Freeman wrote:
> On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman <itz@×××××××.net> wrote:
> > On 2017-05-24 08:00, Kai Krakow wrote:
> >
> >> Unix semantics suggest that /tmp is not expected to survive reboots
> >> anyways (in contrast, /var/tmp is expected to survive reboots), so
> >> tmpfs is a logical consequence to use for /tmp.
> >
> > /tmp is wiped by the bootmisc init job anyway.
> >
>
> In general I haven't found anything that is bothered by /var/tmp being
> lost on reboot, but obviously that is something you need to be
> prepared for if you put it on tmpfs.
>
> One thing that wasn't mentioned is that having /tmp in tmpfs might
> also have security benefits depending on what is stored there, since
> it won't be written to disk. If you have a filesystem on tmpfs and
> your swap is encrypted (which you should consider setting up since it
> is essentially "free") then /tmp also becomes a useful dumping ground
> for stuff that is decrypted for temporary processing. For example, if
> you keep your passwords in a gpg-encrypted file you could copy it to
> /tmp, decrypt it there, do what you need to, and then delete it. That
> wouldn't leave any recoverable traces of the file.
>
> There are lots of guides about encrypted swap. It is the sort of
> thing that is convenient to set up since there is no value in
> preserving a swap file across reboots, so you can just generate a
> random key on each boot. I suspect that would break down if you're
> using hibernation / suspend to disk.

It is easy to use both encrypted swap and an encrypted hibernation
image (I do this on my laptop). Just before the s2disk call, disable
swap completely, then create an empty unencrypted swap and run s2disk
(swappiness may be disabled to protect from accidental writes of
unencrypted data before the fresh swap creation and s2disk call).

Afterwards s2disk may be used to create an encrypted memory image and
store it in the swap partition. On resume just reverse the actions.

Apparently it is pointless to encrypt swap if an unencrypted
hibernation image is used, because all memory is accessible through
that image (and even if it is deleted later, it can be restored
from HDD and in some cases from SSD).

Best regards,
Andrew Savchenko
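
The swap hand-over around s2disk described in the message above, as an added example that is not part of the original post or the poster's own script. Assumptions: the device path is a placeholder, the mapping name and cipher settings are hypothetical, s2disk is the uswsusp tool with image encryption enabled by `encrypt = y` in /etc/suspend.conf, and the plain swap is activated with swapon before s2disk runs. By default it only prints the commands (DRY_RUN=1).

```shell
#!/bin/bash
# Added example: swap handling around s2disk, following the message above.
# Assumptions (not from the thread): SWAP_PART is the raw swap partition,
# MAPPING is the dm-crypt name of the random-key swap, and s2disk (uswsusp)
# reads CONF, where "encrypt = y" turns on image encryption.
SWAP_PART="${SWAP_PART:-/dev/sdXN}"        # placeholder device
MAPPING="${MAPPING:-cryptswap}"            # hypothetical mapping name
CONF="${CONF:-/etc/suspend.conf}"
OLD_SWAPPINESS="${OLD_SWAPPINESS:-60}"     # value restored after resume
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print commands only

run() {  # echo the command, execute it only when DRY_RUN=0
    echo "$*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

image_encrypted() {  # true only if the config enables image encryption
    grep -Eq '^[[:space:]]*encrypt[[:space:]]*=[[:space:]]*y' "$1" 2>/dev/null
}

to_disk() {
    # An unencrypted image would expose all of RAM, so refuse to continue.
    image_encrypted "$CONF" || { echo "refusing: $CONF lacks encrypt = y" >&2; return 1; }
    run sysctl -w vm.swappiness=0   || return 1  # keep pages out of plain swap
    run swapoff -a                  || return 1  # disable swap completely
    run cryptsetup close "$MAPPING" || return 1  # random key is dropped here
    run mkswap "$SWAP_PART"         || return 1  # empty, unencrypted swap
    run swapon "$SWAP_PART"         || return 1  # assumed: s2disk needs it active
    run s2disk                                   # returns after resume
}

after_resume() {  # reverse the steps: back to random-key encrypted swap
    run swapoff "$SWAP_PART" || return 1
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$SWAP_PART" "$MAPPING" || return 1
    run mkswap "/dev/mapper/$MAPPING" || return 1
    run swapon "/dev/mapper/$MAPPING" || return 1
    run sysctl -w vm.swappiness="$OLD_SWAPPINESS"
}

case "${1:-}" in
    hibernate) to_disk && after_resume ;;
esac
```

Run it as root with `DRY_RUN=0` and the `hibernate` argument only after setting SWAP_PART and MAPPING to match the local setup.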