[1317] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Having /var/lock as ramdisk : how secure

daemon@ATHENA.MIT.EDU (Pascal A. Dupuis)
Sun Nov 24 09:47:05 1996

Old-X-Envelope-From: dupuis@lei.ucl.ac.be  Thu Nov 21 08:51:16 1996
Date: Thu, 21 Nov 1996 14:53:05 +0100 (MET)
From: "Pascal A. Dupuis" <dupuis@lei.ucl.ac.be>
Reply-To: "Pascal A. Dupuis" <dupuis@lei.ucl.ac.be>
To: linux-security@redhat.com
In-Reply-To: <199611210849.JAA00445@cave.et.tudelft.nl>
Resent-From: linux-security@redhat.com

On a linux box working as PPP server / router / firewall, I wish to
spindown the HD for long period of inactivity. But some programs (mgetty)
needs to periodically create lock files (in order to test modems). I've
set up thinks like this :
-created a /var/lock.skel dir, containing the directory structure of
/var/lock (emacs seems to need its own subdir)
-at startup, create a ramdisk on mount it on /var/lock :
#create a small ramdisk, mount /var/lock there
dd if=/dev/zero of=/dev/ram15 bs=1k count=64 > /dev/null
mke2fs -m0 /dev/ram15 64 > /dev/null
mount /dev/ram15 /var/lock > /dev/null
cp -raf /var/lock.skel/* /var/lock/ >/dev/null

This way, creating a log file will not spinup the HD. Added benefit is
that there won't be stale locks after power failure...

How safe is it to have things set up this way ? Does it create some
security problems ?

Thanks in advance
Pascal A. Dupuis
--
Q:  How many existentialists does it take to screw in a lightbulb?
A:  Two.  One to screw it in and one to observe how the lightbulb
    itself symbolizes a single incandescent beacon of subjective
    reality in a netherworld of endless absurdity reaching out
    toward a maudlin cosmos of nothingness.


home help back first fref pref prev next nref lref last post