(dotat.at)

143 points todsacerdoti | 1 comments | 22 Oct 24 12:36 UTC | HN request time: 0.396s | source

Show context

Aardwolf ◴[22 Oct 24 13:11 UTC] No.41913873[source]▶

>>41913610 (OP) #

I like /tmp in RAM myself, it's truly temporary that way

EDIT: I do this more for avoiding certain disk reads/writes than security actually

replies(6): >>41913905 #>>41913910 #>>41913918 #>>41914627 #>>41916103 #>>41916856 #

nullindividual ◴[22 Oct 24 13:15 UTC] No.41913905[source]▶

>>41913873 #

You'd need to pin pages in physical memory to guarantee it stays in physical memory. What happens if an 'attacker' (or accidental user) exceeds available physical memory? OOM Kill other applications? Just don't accept temp data, leading to failures in operations requested by the user or system?

Pages in physical memory are not typically zero'ed out upon disuse. Yes, they're temporary... but only guaranteed temporary if you turn the system off and the DRAM cells bleed out their voltage.

replies(3): >>41913943 #>>41913945 #>>41915792 #

1. RiverCrochet ◴[22 Oct 24 16:13 UTC] No.41915792[source]▶

>>41913905 #

Well I guess you could tell Linux to not use some memory addresses using the BadRAM feature, then setup an `mtd` device to those memory addresses and create a RAM-based block device, then use `cryptsetup` to encrypt it. If your Linux box is headless and you have a GPU with RAM there mostly sitting unused then you could use the VRAM.

↑

Against /Tmp