On 2 April 2012 14:55, Steve Grubb sgrubb@redhat.com wrote:
On Monday, April 02, 2012 03:58:12 PM Richard W.M. Jones wrote:
- #834 F18 Feature: /tmp on tmpfs -
http://fedoraproject.org/wiki/Features/tmp-on-tmpfs (mitr, 17:40:06) * AGREED: tmp-on-tmpfs is accepted (+5 -3) (mitr, 18:12:52)
Actually I think this is a good feature, but ...
What about forensics? Any reboot erases information that might have been needed to see what happened during a break in.
I would guess it is a toss-up, depending on the security plan: some systems may want stuff in tmpfs so that nothing is around after a reboot (in the case where physical access after a reboot could compromise tokens and such). Other security plans required tmpfs to be turned off for forensics.
Many of the break-in kits, though, use /dev/shm already, so they aren't going to be around after a reboot.
I would expect that any turn-on/turn-off of tmpfs would need to be configurable so that users who needed one or the other could get it.
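As an added illustration of the configurability point above (this is example code, not something posted in the thread), the following POSIX shell function decides whether a given path lives on tmpfs by picking the longest-prefix mount point from /proc/mounts-style input. The sample mount table is constructed so the check runs offline; on a real host the second argument is omitted and /proc/mounts is read. The comment at the end names the systemd unit (tmp.mount) that the Fedora feature uses, so an administrator who needs on-disk /tmp for forensics can see which knob to mask.

```shell
#!/bin/sh
# Added example: report the filesystem type backing a path, so an incident
# responder can tell up front whether /tmp contents survive a reboot.

# Constructed sample of /proc/mounts (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=2G 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,relatime 0 0'

# fstype_for_path PATH [MOUNTS_TEXT]
# Prints the fs type of the mount that holds PATH. The mount point with the
# longest matching prefix wins, so /tmp/x resolves to /tmp rather than /.
fstype_for_path() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2; fs = $3
            # a mount point matches if it equals the path, is the root,
            # or is a directory prefix of the path
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) > best_len) { best_len = length(mp); best_fs = fs }
            }
        }
        END { print best_fs }'
}

# tmp_is_volatile [MOUNTS_TEXT]
# Succeeds (exit 0) when /tmp is on tmpfs, i.e. its contents are lost on reboot.
tmp_is_volatile() {
    [ "$(fstype_for_path /tmp "$1")" = tmpfs ]
}

# Stand-alone run against the constructed table.
if tmp_is_volatile "$SAMPLE_MOUNTS"; then
    echo "/tmp is tmpfs: anything an attacker left there is gone after reboot"
    # On a Fedora system using the tmp-on-tmpfs feature, the tmpfs mount comes
    # from the systemd unit tmp.mount; a site that needs /tmp on disk for
    # forensics can disable it with:  systemctl mask tmp.mount
    # and re-enable it with:          systemctl unmask tmp.mount
else
    echo "/tmp is on disk: contents persist across reboot"
fi
```

Run it without arguments on a live host to inspect the real mount table; the exit status of tmp_is_volatile makes it usable from a hardening or pre-incident checklist script.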