Encrypted /tmp: upside, the file system data is encrypted; downside: well, the hubbub of encrypting it and such.
Memory File System (man mfs): Upside, the data is not retained between boots; downside: the data may reside momentarily in memory even after power has been turned off, and likewise any backing store (e.g. swap partition) should be encrypted for extra paranoia. Encrypting your system's installed memory is a little, eh I'm not even gonna go there.

So in my humble opinion: a pure MFS is probably not as useful as an encrypted partition, unless you've got memory to burn (amd64 suggested) and a big encrypted swap file.

I haven't done any disk encryption recently, but I believe the process is very simple: set up your encrypted 'backing', set up a partition on the encrypted 'pseudo device', and mount it as /tmp. Something like:

Code:
vnconfig -ck svndN /dev/wd...   # whatever /tmp is on now
# +/- erasing it with dd'ing # bytes from /dev/srandom
fdisk svndN
disklabel svndN
newfs rsvndNa
mount /dev/svndNa /tmp

Not sure what /etc/fstab would look like, but maybe something like

Code:
/dev/wd0d /dev/svnd0a vnd rw,-k 0 0
/dev/svnd0a /tmp ffs rw,FLAGS 0 0

Suggested reading in manual: vnd, svnd, vnconfig, mfs

Disclaimer: I haven't played with encrypted disks in quite a while now.
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Jggimi, I said memory to burn and a big encrypted swap partition ;-)
& thanks about the sysctl, I didn't know it went as far back as 2.5 or 2.6; always thought it was early 2000s.