Date: Wed, 7 Sep 2011 14:19:28 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: /tmp fs type

On Wed, Sep 07, 2011 at 01:49:45PM +0400, Vasiliy Kulikov wrote:
> Maybe, but often fs type for /tmp is chosen not from security
> considerations, but performance or robustness.

Wouldn't tmpfs be the best choice under those considerations as well?

OK, I imagine someone might opt to have on-disk /tmp if it needs to be
larger than the machine's virtual memory size.

> How does the hardlink hardening protect against hardlinking into /home?

By not letting a user create hard links to files that they don't have
write permissions for.

> I mean Owl 3.0 system installer with the default kernel.  We don't plan
> to backport kernel hardening stuff to 3.0, do we?

We might.

> As to /home, Owl 4.0 would benefit too.

Why/how?

Alexander
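
Added example, not part of the original message and not Owl's kernel code: a Python model of the two conditions discussed in this thread. A hard link from /tmp to a file elsewhere needs both paths on one filesystem, and with the hardening described above it also needs write permission on the target. The function names, the `hardened` flag, and the mode-bit-only permission check (ACLs and capabilities ignored, uid 0 always allowed) are assumptions of this example.

```python
import os
import stat
import sys

EXDEV, DENIED, LINKED = "exdev", "denied", "linked"

def same_filesystem(a, b):
    """link(2) fails with EXDEV unless both paths are on one filesystem."""
    return os.stat(a).st_dev == os.stat(b).st_dev

def has_write_permission(st, uid, gids):
    """Mode-bit write check only (assumption: no ACLs, uid 0 always passes)."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def link_outcome(target, link_dir, uid, gids, hardened):
    """Predict the result of uid hard-linking target into link_dir.

    Assumes uid may create entries in link_dir (true for a sticky,
    world-writable /tmp). `hardened` is this example's name for the
    restriction described in the message above.
    """
    if not same_filesystem(target, link_dir):
        return EXDEV      # e.g. /tmp on tmpfs, target on disk
    if hardened and not has_write_permission(os.stat(target), uid, gids):
        return DENIED     # the hardening rule
    return LINKED         # stock behaviour: no permission on target needed

if __name__ == "__main__":
    # Usage: script.py TARGET LINK_DIR  (evaluated for the calling user)
    target, link_dir = sys.argv[1], sys.argv[2]
    ids = (os.getuid(), set(os.getgroups()) | {os.getgid()})
    for hardened in (False, True):
        print(hardened, link_outcome(target, link_dir, *ids, hardened))
```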
