Re: Debian system modifications tmpfs
On Fri, Sep 24, 2010 at 02:22:01PM +0200, Peter Smith wrote:
> On Fri, Sep 24, 2010 at 11:34 AM, Timo Juhani Lindfors
> <timo.lindfors@iki.fi> wrote:
> > Peter Smith <peter.smith3882100@gmail.com> writes:
> >> tmpfs /tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0
> >
> > noexec /tmp will surely break applications, no?
>
> So far no applications have been malfunction as a result of the noexec
> flag on /tmp, but i guess that i could change it to exec just to be
> sure that problems do not suddenly arise.
>
I've read somewhere that apt breaks if /tmp is noexec. I haven't tried
it myself, though.
> >> Iceweasel is modified to use /tmp as cache, so when Iceweasel is
> >> loaded after a reboot it creates a folder named Cache in /tmp.
> >
> > How does this work with multiple users in a safe way?
>
> Good point, but in my case it won't be a problem as i am the only user
> of the system. What if a security problem was found in Iceweasel,
> would it be worse that the cache is placed in /tmp instead of the home
> folder?
>
I would think this is ok, as long as the Cache folder gets the
appropriate permissions (700, I would think is appropriate).
-Rob
Reply to: