another aes-loopback question -- /tmp directory

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Mon Mar 3 04:46:57 UTC 2008


| From: Ian Petersen <ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| I've seen articles that suggest mounting /tmp as an encrypted
| partition with a random password generated at each boot.  Software is
| not supposed to rely on the contents of /tmp surviving a power cycle,
| so starting with a clean slate each time you power on should be fine.

I've thought for a long time (over 30 years) that the UNIX idea of
/tmp is broken.

I'd like to suggest that each session gets its own private /tmp.  Of
course, that begs the question: what is a session?  It would take a
careful canvass of programs to find out what things share objects in
/tmp (and whether that sharing is worth preserving).

Segregating by session would seem to be a way of reducing security
threats involving /tmp.  Some would still exist.

Here are the ways I think /tmp is used:

(1) Originally, /tmp was used because some programs needed to play
with more data than would fit in main memory (the data segment limit
was 64KiB on the biggest UNIX machines and less on smaller ones).

(2) /tmp was also used to transfer things between phases of
processing, such as compiler passes.  Many shell tools naturally
operate on files, not memory, so processing by shell tools often involves 
temp files.

(3) It is sometimes handy to have /tmp files preserved across crashes
(program or system crashes).  For example, when my editor crashes, or
the original vi crashed, much potential lost work could be recovered
from the file in /tmp.

(4) /tmp/xxxx can be used as a "well known address" for different
agents to share information.  My current /tmp seems to have stuff like
this:
drwx------ 3 hugh  hugh   4096 Feb  3 20:03 gconfd-hugh
drwx------ 2 hugh  hugh   4096 Feb  3 20:03 keyring-MMcBx5
srwxrwxr-x 1 admin admin     0 Feb  2 03:16 mapping-admin
srwxrwxr-x 1 hugh  hugh      0 Feb  3 20:03 mapping-hugh
drwx------ 2 hugh  hugh   4096 Feb 29 14:36 orbit-hugh
drwx------ 2 root  root   4096 Feb 14 11:41 orbit-root
drwx------ 2 hugh  hugh   4096 Feb  3 20:03 ssh-agrdjc2019
drwx------ 2 hugh  hugh   4096 Feb 16 12:22 ssh-BGiAr11620
drwx------ 2 hugh  hugh   4096 Feb 26 11:46 ssh-EMdPF12408

Notice that some of these names seem to reflect some kind of session
model.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
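
As an added illustration, not part of the original post: a short Python sketch that parses the `ls -l` listing quoted in the message, separates names derived from the owner's login from names with a per-instance suffix, and flags entries whose mode grants any group or other access. The function names and the naming heuristic are assumptions made for this example.

```python
import re

# Listing as quoted in the post (the author's /tmp, February 2008).
LISTING = """\
drwx------ 3 hugh  hugh   4096 Feb  3 20:03 gconfd-hugh
drwx------ 2 hugh  hugh   4096 Feb  3 20:03 keyring-MMcBx5
srwxrwxr-x 1 admin admin     0 Feb  2 03:16 mapping-admin
srwxrwxr-x 1 hugh  hugh      0 Feb  3 20:03 mapping-hugh
drwx------ 2 hugh  hugh   4096 Feb 29 14:36 orbit-hugh
drwx------ 2 root  root   4096 Feb 14 11:41 orbit-root
drwx------ 2 hugh  hugh   4096 Feb  3 20:03 ssh-agrdjc2019
drwx------ 2 hugh  hugh   4096 Feb 16 12:22 ssh-BGiAr11620
drwx------ 2 hugh  hugh   4096 Feb 26 11:46 ssh-EMdPF12408
"""

KINDS = {"-": "file", "d": "directory", "s": "socket", "l": "symlink",
         "p": "fifo", "c": "chardev", "b": "blockdev"}

LS_LINE = re.compile(
    r"^(?P<type>[-dlspcb])(?P<perm>[rwxsStT-]{9})\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+\d+\s+"
    r"\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+)$")

def classify(line):
    """Describe one `ls -l` line, or return None if it does not parse."""
    m = LS_LINE.match(line.strip())
    if m is None:
        return None
    name, owner = m["name"], m["owner"]
    stem, dash, suffix = name.rpartition("-")
    if not dash:
        naming = "fixed"            # one name shared by everybody
    elif suffix == owner:
        naming = "per-user"         # predictable from the login name
    else:
        naming = "per-instance"     # suffix differs per agent or session
    return {"name": name, "kind": KINDS[m["type"]], "owner": owner,
            "naming": naming,
            # any group/other bit set: not private to the owner
            "shared_mode": m["perm"][3:] != "------"}

def audit(listing):
    """Classify every parseable line of an `ls -l` listing."""
    return [e for e in map(classify, listing.splitlines()) if e]

if __name__ == "__main__":
    for e in audit(LISTING):
        flag = "  <- group/other access" if e["shared_mode"] else ""
        print(f'{e["naming"]:12} {e["kind"]:9} {e["owner"]:5} {e["name"]}{flag}')
```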




