Re: how to increase space for tmpfs /tmp (tmp cleaning)
On 06/04/12 05:39, Bob Proulx wrote:
> Scott Ferguson wrote:
>> Bob Proulx wrote:
>>> Scott Ferguson wrote:
>>>> Martin Steigerwald wrote:
>>>>> I like the notion to just use /var/tmp for anything big by default.
>>>>
>>>> Doesn't that require manually deleting files when they're no longer
>>>> required?
>>>
>>> Of course that is no different from /tmp which is the same until
>>> rebooted and I only reboot for kernel security upgrades. In between
>>> those reboots it is no different and a system can go for a long time
>>> without rebooting.
>>
>> So, um, does that mean yes?
>
> Yes. That means yes that I always set up a tmp cleaner for both /tmp
> and /var/tmp. (But that is me. I don't know what Martin does.)
>
>>> I always set up automated tmp cleaners on /tmp and /var/tmp.
>>
>> Good to know. Almost as useful as actually saying what or how ;-p
>
> I intentionally avoided saying details because you would not believe
> how contentious the topic of tmp cleaners really happens to be! If it
> seems like a simple topic that is the first clue that it probably
> isn't. It is a minefield. I put it firmly into the topic area of
> "where angels fear to tread". I know better than to walk there. But
> having stepped into it I was already planning the strategy of my
> retreat so that I could escape with life and limb intact.
Just a wild guess... you've been ice-camping recently. ;-p
>
> As long as the details are ambiguous then there isn't any surface for
> the maligners to attack. There is the presumption of innocence. Or
> in this case the presumption of absolute correctness. And yet it is
> an area that may be impossible to be absolutely correct. If you study
> it in enough detail you may come to the conclusion that it isn't ever
> safe to delete any file. You can only add disk space endlessly and
> never ever delete anything. For those who come to that conclusion,
> sorry, it isn't going to happen.
but, but, but I was told Big Data is the Big Thing....
>
> If you study the problem in enough detail you may conclude that the
> only time to delete files is during system boot time. That is
> certainly a safe time. The state of the system is known and
> controlled. But does that mean that you would schedule a daily reboot
> simply to be able to delete files? That would create an unreasonable
> situation too.
Then there's the dilemma of saved desktop sessions. (I don't use them).
> And then we have the problems of absolute correctness
> for shutdown and bootup. For those that come to that conclusion that
> reboots are required to delete files, sorry, it isn't going to happen.
>
> And so being pragmatic I do set up tmp cleaners. Many things about
> life are compromises. The maligners will attack me and call me a bad
> person for doing so. I have walked through the fire on that one
> before. And yet those attacks against tmp cleaners are impossible to
> trigger on my machines. That won't prevent the maligners from trying.
> They will construct various situations where the vulnerability exists
> and will talk about those cases. That is all very good but those
> cases are not my case and they don't apply. If the problem cases do
> not apply to you either then there shouldn't be any problem for you to
> set up a tmp cleaner either. But that is for you to decide.
>
> To set up a simple tmpcleaner sufficient for your own personal use
> simply install the Debian tmpreaper package and then edit the
> /etc/tmpreaper.conf file TMPREAPER_DIRS='/tmp/. /var/tmp/.' to add
> /var/tmp to the list of directories that it will clean. You would
> turn the warning statement there off too.
>
> To start getting up to speed on the issues with tmp cleaners read the
> /usr/share/doc/tmpreaper/README.security.gz file that comes with
> tmpreaper. Then browse the bug reports for that package:
>
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=tmpreaper;dist=unstable
>
> Then read through these references about temporary files:
>
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html
>
> http://lcamtuf.coredump.cx/tmp_paper.txt
>
> Additionally reading through various mktemp design notes about how to
> create temporary files securely would be useful background on the
> other side of things too.
Thank you very much for that. I suspect you've saved me many hours of
bum steers.
>
> If I didn't scare everyone just a little bit with this then I didn't
> write it well enough. There isn't any way to win on this issue.
[innocent look] So, which one is best? ;-p
>
> Bob
Kind regards
--
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/
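
The file-creation side that the mktemp references in the message above cover, as an added example that is not part of the original thread. The function names are hypothetical, and the shared directory and planted symlink are constructed in a throwaway location.

```shell
#!/bin/sh
# Added example: safe temporary file creation in a world-writable directory.
# Function names are hypothetical; the "shared" directory is constructed.

# Create a private scratch directory under a shared tmp dir ($1, default /var/tmp).
# mktemp -d picks an unpredictable name and creates the directory atomically
# with mode 0700, so another local user cannot pre-plant entries inside it.
make_private_tmp() {
    base=${1:-/var/tmp}
    mktemp -d "$base/scratch.XXXXXXXXXX"
}

# Write stdin to $1 only if the name is not already taken.
# With noclobber (set -C) the shell creates the file with O_EXCL, so an
# existing regular file or a dangling symlink at that path makes this fail.
write_new_file() {
    ( set -C; cat > "$1" ) 2>/dev/null
}

# Constructed scenario: a predictable name has been planted as a dangling
# symlink before the program runs. Prints four words describing the outcome.
demo() {
    shared=$(mktemp -d) || return 1
    ln -s "$shared/victim" "$shared/app.tmp"    # planted in advance
    if echo data | write_new_file "$shared/app.tmp"; then
        planted=followed
    else
        planted=refused
    fi
    victim=absent
    [ -e "$shared/victim" ] && victim=written

    # Same file name, but inside a directory only we can enter.
    priv=$(make_private_tmp "$shared") || return 1
    private=missing
    echo data | write_new_file "$priv/app.tmp" && private=created
    mode=$(ls -ld "$priv" | cut -c1-10)

    rm -rf "$shared"
    echo "$planted $private $mode $victim"
}

demo
```

A private directory also gives a cleaner one top-level entry to age out, rather than files scattered through /tmp and /var/tmp under predictable names.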