[1317] in linux-security and linux-alert archive
[linux-security] Having /var/lock as ramdisk : how secure
daemon@ATHENA.MIT.EDU (Pascal A. Dupuis)
Sun Nov 24 09:47:05 1996
Old-X-Envelope-From: dupuis@lei.ucl.ac.be Thu Nov 21 08:51:16 1996
Date: Thu, 21 Nov 1996 14:53:05 +0100 (MET)
From: "Pascal A. Dupuis" <dupuis@lei.ucl.ac.be>
Reply-To: "Pascal A. Dupuis" <dupuis@lei.ucl.ac.be>
To: linux-security@redhat.com
In-Reply-To: <199611210849.JAA00445@cave.et.tudelft.nl>
Resent-From: linux-security@redhat.com

On a linux box working as PPP server / router / firewall, I wish to
spin down the HD for long periods of inactivity. But some programs (mgetty)
need to periodically create lock files (in order to test modems). I've
set up things like this:
- created a /var/lock.skel dir, containing the directory structure of
  /var/lock (emacs seems to need its own subdir)
- at startup, create a ramdisk and mount it on /var/lock:

    # create a small ramdisk, mount /var/lock there
    dd if=/dev/zero of=/dev/ram15 bs=1k count=64 > /dev/null
    mke2fs -m0 /dev/ram15 64 > /dev/null
    mount /dev/ram15 /var/lock > /dev/null
    cp -raf /var/lock.skel/* /var/lock/ > /dev/null

This way, creating a log file will not spin up the HD. An added benefit is
that there won't be stale locks after a power failure...
How safe is it to have things set up this way? Does it create some
security problems?
Thanks in advance
Pascal A. Dupuis
--
Q: How many existentialists does it take to screw in a lightbulb?
A: Two. One to screw it in and one to observe how the lightbulb
itself symbolizes a single incandescent beacon of subjective
reality in a netherworld of endless absurdity reaching out
toward a maudlin cosmos of nothingness.