Date: Wed, 7 Sep 2011 14:47:50 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: /tmp fs type

On Wed, Sep 07, 2011 at 14:19 +0400, Solar Designer wrote:
> On Wed, Sep 07, 2011 at 01:49:45PM +0400, Vasiliy Kulikov wrote:
> > Maybe, but often fs type for /tmp is chosen not from security
> > considerations, but performance or robustness.
> 
> Wouldn't tmpfs be the best choice under those considerations as well?
> 
> OK, I imagine someone might opt to have on-disk /tmp if it needs to be
> larger than the machine's virtual memory size.

Yes.  Or it is not known how much disk space it will take in the future,
so a precise allocation is not possible and an allocation with a
margin is too expensive.


> > How does the hardlink hardening protect against hardlinking into /home?
> 
> By not letting a user create hard links to files that they don't have
> write permissions for.

-ow for 2.4 didn't have such protection, did it?  At least I'm not aware
of it.

-- 
Vasiliy
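
The rule from the quoted reply above (no hard links to files the user cannot write), modelled in userspace as an added example; it is not code from this thread or from the -ow patch. The owner shortcut and the setuid/setgid exclusions follow the later mainline fs.protected_hardlinks behaviour and are an assumption here, as are the function names and the constructed sample files.

```python
import stat

def _can_read_write(mode, f_uid, f_gid, uid, gids):
    """Classic UNIX owner/group/other test for read+write (no ACLs, no capabilities)."""
    if uid == f_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif f_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return (mode & need) == need

def may_hardlink(mode, f_uid, f_gid, uid, gids):
    """Model of the hardening for an unprivileged caller: may `uid` link to this file?"""
    if uid == f_uid:
        return True    # owners may always link to their own files
    if not stat.S_ISREG(mode):
        return False   # devices, FIFOs, sockets are never a safe link source
    if mode & stat.S_ISUID:
        return False   # a link would keep a setuid file alive after it is replaced
    if (mode & stat.S_ISGID) and (mode & stat.S_IXGRP):
        return False   # same concern for executable setgid files
    return _can_read_write(mode, f_uid, f_gid, uid, gids)

# Constructed sample files: name -> (st_mode, st_uid, st_gid)
SAMPLES = {
    "root-owned 0600 file":     (stat.S_IFREG | 0o600, 0, 0),
    "root-owned 0644 file":     (stat.S_IFREG | 0o644, 0, 0),
    "setuid-root 4755 binary":  (stat.S_IFREG | 0o4755, 0, 0),
    "group-writable 0664 file": (stat.S_IFREG | 0o664, 0, 100),
    "caller's own 0644 file":   (stat.S_IFREG | 0o644, 1000, 1000),
}

def evaluate(uid, gids):
    """Apply the policy to every sample for one caller identity."""
    return {name: may_hardlink(m, u, g, uid, gids)
            for name, (m, u, g) in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate(1000, {1000, 100}).items():
        print(f"{'allow' if ok else 'deny ':5}  {name}")
```

Because the decision depends only on the link source's ownership and mode, it applies the same way whether the target directory is /tmp or /home.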
