HowTo: secure /tmp files, for hard drive users

[klhrevolutionist]

I only modified this by changing the values for the count= to 500mb instead of what the original

One method is to create a loopback filesystem that will be mounted as /tmp
and can use the same restrictive mount options. To create a 500mb loopback
filesystem, execute:

dd if=/dev/zero of=/.tmpfs bs=1024 count=500000

mke2fs -j /.tmpfs

cp -av /tmp /tmp.old

mount -o loop,noexec,nosuid,nodev,rw /.tmpfs /tmp

chmod 1777 /tmp

mv -f /tmp.old/* /tmp/

rmdir /tmp.old

Once this is complete, edit /etc/fstab to have the loopback filesystem mounted
automatically at boot:

/.tmpfs /tmp ext3 loop,nosuid,noexec,nodev,rw 0 0
---
There is another method here:
http://www.tuxhelper.info/2008/06/secur ... ctory.html

Original Author:
http://blogs.techrepublic.com.com/opensource/?p=171

[Flash]

Thanks, klh. It would be even better if you added an explanation of what you mean by "secure," and why it might be a good idea to secure /tmp.

[klhrevolutionist]

With the link I provided you can see why one might want to make such changes to /tmp I also forgot to mention that not only did i change the count= I also added "nodev" onto the mounting permissions.

One problem with directories meant to store temporary files is that they can often be targeted as places to store bots and rootkits that compromise the system. This is because in most cases, anyone (or any process) can write to these directories. Insecure permissions are problematic as well; most Linux distributions set the sticky bit on directories meant to contain temporary files — this means that user A cannot remove a file belonging to user B, and vice versa. Depending on the permissions of the file itself, user A may be able to view and/or modify the contents of that file, however.

http://blogs.techrepublic.com.com/opensource/?p=171