| 1 |
Am Wed, 24 May 2017 12:30:36 -0700 |
| 2 |
schrieb Rich Freeman <rich0@g.o>: |
| 3 |
|
| 4 |
> On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman <itz@×××××××.net> |
| 5 |
> wrote: |
| 6 |
> > On 2017-05-24 08:00, Kai Krakow wrote: |
| 7 |
> > |
| 8 |
> >> Unix semantics suggest that /tmp is not expected to survive reboots |
| 9 |
> >> anyways (in contrast, /var/tmp is expected to survive reboots), so |
| 10 |
> >> tmpfs is a logical consequence to use for /tmp. |
| 11 |
> > |
| 12 |
> > /tmp is wiped by the bootmisc init job anyway. |
| 13 |
> > |
| 14 |
> |
| 15 |
> In general I haven't found anything that is bothered by /var/tmp being |
| 16 |
> lost on reboot, but obviously that is something you need to be |
| 17 |
> prepared for if you put it on tmpfs. |
| 18 |
> |
| 19 |
> One thing that wasn't mentioned is that having /tmp in tmpfs might |
| 20 |
> also have security benefits depending on what is stored there, since |
| 21 |
> it won't be written to disk. If you have a filesystem on tmpfs and |
| 22 |
> your swap is encrypted (which you should consider setting up since it |
| 23 |
> is essentially "free") then /tmp also becomes a useful dumping ground |
| 24 |
> for stuff that is decrypted for temporary processing. For example, if |
| 25 |
> you keep your passwords in a gpg-encrypted file you could copy it to |
| 26 |
> /tmp, decrypt it there, do what you need to, and then delete it. That |
| 27 |
> wouldn't leave any recoverable traces of the file. |
| 28 |
|
| 29 |
Interesting point... How much performance impact does encrypted swap |
| 30 |
have? I don't mean any benchmark numbers but real life experience from |
| 31 |
your perspective when the system experiences memory pressure? |
| 32 |
|
| 33 |
> There are lots of guides about encrypted swap. It is the sort of |
| 34 |
> thing that is convenient to set up since there is no value in |
| 35 |
> preserving a swap file across reboots, so you can just generate a |
| 36 |
> random key on each boot. I suspect that would break down if you're |
| 37 |
> using hibernation / suspend to disk. |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
Regards, |
| 42 |
Kai |
| 43 |
|
| 44 |
Replies to list-only preferred. |
Archives