On Sun, 2011-01-23 at 05:47 -0800, kellyremo wrote:
> "to memory" means: mounting a ~2 GByte filesystem [ tmpfs?, or
> ramfs? ], and put the "/tmp" on it. [ e.g.: 4 GByte ram in the pc ].
> what to write in the "/etc/fstab"?
>
> I would like to collect the [ answers too:P ]:
>
> Advantages:
> - Memory is way faster than HDD/SSD, so it could speed things up
> - "SSD amortization" is less
>
> Disadvantages:
> - Security? [ how to set this up to be secure? any clear howtos/links
> regarding it? :O ]
>
> Really thank you for any good help...
>

Another advantage you have is that it is on a separate partition and one can thus remove many of the attack vectors used to run malicious software. For example, we run ours with:

none /tmp tmpfs size=128m,mode=1777,noexec,nosuid,nodev 0 0

The noexec,nosuid,nodev apparently does a good job of stopping malware from running in /tmp. However, it also keeps legitimate execution from happening in /tmp. For example, before we install or update packages, we need to remount it exec,suid,dev (probably just the first two are necessary) in order for the package configuration scripts to run.

- John
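
Added example, not part of the original message: a small POSIX shell check that reads fstab-format lines (the same field layout as /proc/mounts) and reports which of noexec, nosuid and nodev are missing for a mount point, which is useful for catching a /tmp left remounted exec after a package run. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format input for the hardening options
# discussed above. missing_mount_opts is a hypothetical helper name.
REQUIRED_OPTS="noexec nosuid nodev"

# Usage: missing_mount_opts MOUNTPOINT < fstab-format-input
# Prints the required options that are absent, space-separated.
# Returns 0 if all are present, 1 if any is missing,
# 2 if the mount point does not appear in the input.
missing_mount_opts() {
    target=$1
    opts=
    found=no
    # "|| [ -n "$dev" ]" keeps a final line that lacks a trailing newline.
    while read -r dev mnt fstype mntopts rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$mnt" = "$target" ] || continue
        found=yes
        opts=$mntopts   # last entry wins (stacked mounts in /proc/mounts)
    done
    [ "$found" = yes ] || return 2

    missing=
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;                      # exact option present
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample input: the hardened line from the message, and the
# same mount as it might look after a remount with exec,suid,dev.
hardened='none /tmp tmpfs size=128m,mode=1777,noexec,nosuid,nodev 0 0'
relaxed='none /tmp tmpfs rw,size=128m,mode=1777 0 0'

printf '%s\n' "$hardened" | missing_mount_opts /tmp && echo "hardened: ok"
printf '%s\n' "$relaxed" | missing_mount_opts /tmp || echo "relaxed: options listed above are missing"
```

To check the running system rather than the configuration, feed it /proc/mounts instead of /etc/fstab.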