On 2 April 2012 14:55, Steve Grubb <sgrubb@xxxxxxxxxx> wrote:
> On Monday, April 02, 2012 03:58:12 PM Richard W.M. Jones wrote:
>> > * #834 F18 Feature: /tmp on tmpfs -
>> >
>> >   http://fedoraproject.org/wiki/Features/tmp-on-tmpfs (mitr, 17:40:06)
>> > * AGREED: tmp-on-tmpfs is accepted (+5 -3) (mitr, 18:12:52)
>>
>> Actually I think this is a good feature, but ...
>
> What about forensics? Any reboot erases information that might have been needed
> to see what happened during a break in.

I would guess it is a tossup. Depending on the security plan.. systems
may want stuff in tmpfs to not allow for stuff to be around for a
reboot (in the case where physical access after a reboot could
compromise tokens and such). Other security plans required tmpfs to be
turned off for forensics. Many of the break-in kits though use
/dev/shm already so they aren't going to be around after a reboot.

I would expect that any turn-on/turn-off of tmpfs would need to be
configurable so that users who needed one or the other could get it.

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel