Learned Something Today

Home » CentOS » Learned Something Today

January 10, 2016 Alice Wonder CentOS 3 Comments

Did you know you can use systemd to turn on tmpfs for /tmp ???

I had no clue that was possible, always did it through fstab – but

systemctl is-enabled tmp.mount

That will tell you if systemd has configured /tmp to mount as tmpfs
(default in CentOS 7 is no)

systemctl enable tmp.mount

That, as you can probably guess, tells systemd to mount /tmp as tmpfs next time the system boots.

-=-

Just thought I would pass it along in case others may benefit.

For me, I only need /tmp as tmpfs on my Bitcoin box – and then only when generating private keys for cold storage, SSDs are often not very good at securely deleting files. So I use tmpfs for /tmp and generate the private keys for cold storage to a file in /tmp and then print it from there (for storage in safe deposit box) – so that the private keys can’t be recovered from the SSD.

Yes, booting off a CD to generate and then print works too, but that’s bothersome.

Anyway just in case anyone else needs /tmp as tmpfs for anything, thought I’d pass the tip along.

3 thoughts on - Learned Something Today

Why not, on start-up, create a ‘ram disk’ and do your sensitive work in volatile RAM or is this what ‘tmpfs’ implies ?

I think that’s what OP expected tmpfs to be, but it should be noted that tmpfs *can* be swapped to disk, so it should not be used for data that you don’t want to ever hit non-volatile storage (unless you have no swap space).

volatile RAM or is this what ‘tmpfs’ implies ?
tmpfs *can* be swapped to disk, so it should not be used for data that you don’t want to ever hit non-volatile storage (unless you have no swap space).

One thing just asks to be added: “volatile” memory is not that volatile, so relying purely on keeping sensitive stuff in plain text in volatile memory may be not too good idea. Still, it is much more secure that the case when sensitive data may hit the hard drive. What I mention, is best explained here (the whole paper is very instructive, for RAM go directly to chapter 8):

https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

Always Learning says:

January 11, 2016 at 8:50 am

Why not, on start-up, create a ‘ram disk’ and do your sensitive work in volatile RAM or is this what ‘tmpfs’ implies ?
Gordon Messmer says:

January 11, 2016 at 9:38 am

I think that’s what OP expected tmpfs to be, but it should be noted that tmpfs *can* be swapped to disk, so it should not be used for data that you don’t want to ever hit non-volatile storage (unless you have no swap space).
Valeri Galtsev says:

January 11, 2016 at 10:44 am

volatile RAM or is this what ‘tmpfs’ implies ?
tmpfs *can* be swapped to disk, so it should not be used for data that you don’t want to ever hit non-volatile storage (unless you have no swap space).

One thing just asks to be added: “volatile” memory is not that volatile, so relying purely on keeping sensitive stuff in plain text in volatile memory may be not too good idea. Still, it is much more secure that the case when sensitive data may hit the hard drive. What I mention, is best explained here (the whole paper is very instructive, for RAM go directly to chapter 8):

https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

Learned Something Today

3 thoughts on - Learned Something Today

Recommended

Recent Posts

Recent Comments

Archives

Categories

Meta