Re: putting "/tmp" to memory help

To: kellyremo <kellyremo@zoho.com>
Cc: Debian <debian-user@lists.debian.org>
Subject: Re: putting "/tmp" to memory help
From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
Date: Mon, 24 Jan 2011 04:51:24 -0500
Message-id: <[🔎] 1295862684.8976.11.camel@denise.theartistscloset.com>
In-reply-to: <[🔎] 12db32128ea.8388856300320486605.-4545567042207208726@zoho.com>
References: <[🔎] 12db32128ea.8388856300320486605.-4545567042207208726@zoho.com>

On Sun, 2011-01-23 at 05:47 -0800, kellyremo wrote:
> "to memory" means: mounting a ~2 GByte filesystem [ tmpfs?, or
> ramfs? ], and put the "/tmp" on it. [ e.g.: 4 GByte ram in the pc ].
> what to write in the "/etc/fstab"?
> 
> I would like to collect the [ answers too:P ]:
> 
> Advantages:
> - Memory is way faster then HDD/SSD, so it could speed things up
> - "SSD amortization" is less
> 
> Disadvantages: 
> - Security? [ how to set this up to be secure? any clear howtos/links
> regarding it? :O ]
> 
> Really thank you for any good help...
> 
Another advantage you have is that it is on a separate partition and one
can thus remove many of the attack vectors used to run malicious
software.  For example, we run ours with:
none    /tmp            tmpfs   size=128m,mode=1777,noexec,nosuid,nodev 0 0

The noexec,nosuid,nodev apparently does a good job of stopping malware
from running in /tmp.  However, it also keeps legitimate execution from
happening in /tmp.  For example, before we install or update packages,
we need to remount it exec,suid,dev (probably just the first two are
necessary) in order for the package configuration scripts to run - John

Reply to:

References:
- putting "/tmp" to memory help
  - From: kellyremo <kellyremo@zoho.com>

Prev by Date: Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny
Next by Date: Re: Weird server mystery: self-reset, mostly
Previous by thread: Re: putting "/tmp" to memory help
Next by thread: Re: putting "/tmp" to memory help
Index(es):
- Date
- Thread