hardening /tmp
Matt Smith
matt.xtaz at gmail.com
Wed Feb 8 17:19:58 UTC 2017
On Feb 08 10:22, James B. Byrne via freebsd-questions wrote:
>How do most people handle hardening /tmp and /var/tmp on FreeBSD? I
>can get rid of /tmp from the file system and then simply mount it as a
>tmpfs in /etc/fstab.
>
>tmpfs /tmp tmpfs rw,nosuid,noexec,mode=01777 0 0
>
>However, /var/tmp is supposed to survive across reboots so how is this
>handled?
>
I tried exactly this along with also doing it to /var/tmp and decided to
back out my changes. If you mount /tmp noexec you will find that make
installworld breaks. tmpfs doesn't allow you to change mount options so
you have to unmount it. Unmounting it kills tmux or screen which I use.
It's just hassle!

And /var/tmp has vi.recover in it which is created on boot by
/etc/rc.d/virecover but it creates this before the tmpfs is mounted over
the top of it so the result is that it doesn't exist. I don't know what
the effects of that are, especially as I use vim but still it annoyed
me.
--
Matt
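
Added example, not part of the message above or of any FreeBSD tool: a small sh/awk audit of fstab-format text for the /tmp and /var/tmp settings this thread discusses (nosuid, noexec, mode 1777, and /var/tmp needing to survive reboots). The function names, the sample device name and the sample /var/tmp line are constructed for illustration; the /tmp line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit fstab-format text for /tmp and /var/tmp hardening.

# Constructed sample input; only the /tmp line comes from the thread.
sample_fstab() {
    cat <<'EOF'
# Device     Mountpoint  FStype  Options                      Dump Pass
/dev/ada0p2  /           ufs     rw                           1    1
tmpfs        /tmp        tmpfs   rw,nosuid,noexec,mode=01777  0    0
tmpfs        /var/tmp    tmpfs   rw,nosuid,mode=0777          0    0
EOF
}

# check_tmp_mounts [FILE]: print one finding per line, exit status 1 if any.
# Reads standard input when FILE is omitted.
check_tmp_mounts() {
    awk '
    BEGIN { want["/tmp"] = 1; want["/var/tmp"] = 1 }
    /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
    ($2 in want) {
        seen[$2] = 1
        split("", has)                      # portable way to clear an array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            has[opt[i]] = 1
            if (opt[i] ~ /^mode=/ && opt[i] !~ /^mode=0*1777$/) {
                print $2 ": " opt[i] " is not 1777 (sticky, world-writable)"
                bad = 1
            }
        }
        if (!("nosuid" in has)) { print $2 ": missing nosuid"; bad = 1 }
        if (!("noexec" in has)) { print $2 ": missing noexec"; bad = 1 }
        # tmpfs is memory-backed, so its contents are lost at reboot.
        if ($2 == "/var/tmp" && $3 == "tmpfs") {
            print $2 ": tmpfs will not survive a reboot"; bad = 1
        }
    }
    END {
        for (m in want) if (!(m in seen)) {
            print m ": not a separate mount, options cannot be set"; bad = 1
        }
        exit bad + 0
    }' "${1:--}"
}

sample_fstab | check_tmp_mounts || true
```

To audit a real system, run check_tmp_mounts /etc/fstab and compare the findings with what mount reports for the live file systems.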