noexec on /dev/shm

Callum Lerwick seg at haxxed.com
Wed Jan 19 19:11:08 UTC 2011


On Thu, Dec 23, 2010 at 11:26 AM, drago01 <drago01 at gmail.com> wrote:
> Well /tmp should be mounted tmpfs anyway (I have been doing this for
> years and it is working just fine).
> tmp isn't a persistent storage so it makes a lot of sense, and it is
> *not* a dumping ground for giant files (apps that try to do that are
> just broken).

Unfortunately Firefox is one of those apps. I experimented with a tmpfs
/tmp a while back, and ran into very much badness. /tmp rapidly gets
all full of large PDFs I've clicked on, and the Flash plugin
seems to like to spool video it's streaming in /tmp.

It also likes to not properly clean up after itself. Even without a
tmpfs /tmp I've run into fun problems of PDFs and YouTube filling up
my root and resulting in badness, requiring manual cleanup of /tmp if
I want PDFs and YouTube to continue.

This kind of crap belongs in ~/.tmp/ or something. Then it can fill up
/home as you would expect users to do and leave root out of it. :P

In fact on my servers I symlink /tmp to /home/tmp, as I like to keep
root as small as possible and maximize /home. And no, a dedicated /tmp
filesystem is silly: why would I want to dedicate a fixed slice of
disk space to /tmp that isn't going to be used 99% of the time, and
will inevitably turn out to be not big enough 1% of the time?
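The thread is about the mount options on /dev/shm and /tmp and about a tmpfs /tmp filling up. The following POSIX shell script is an added example, not code from the post or from the Fedora devel list: it reads a mount table in /proc/mounts format from stdin, reports which hardening options (nosuid, nodev, noexec) a given mount point lacks, and shows whether a tmpfs mount carries a size= cap, which is what bounds the "Firefox fills /tmp" failure mode. The sample mount lines are constructed for the example; on a live system feed it /proc/mounts instead.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from any real system).
# /dev/shm here lacks noexec; /tmp is a tmpfs with nosuid,nodev,noexec and a 2 GiB cap.
SAMPLE_MOUNTS='tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2097152k 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# check_mount_opts MOUNTPOINT OPTION...
# Reads mount table lines from stdin. Prints "ok" or the missing options.
# Returns 0 if all options are present, 1 if some are missing,
# 2 if the path is not a mount point of its own (so it inherits the parent's options).
check_mount_opts() {
    mp=$1
    shift
    opts=$(awk -v mp="$mp" '$2 == mp { print $4; exit }')
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount"
        return 2
    fi
    missing=""
    for want in "$@"; do
        # Pad with commas so "nodev" does not match inside e.g. "nodevfoo".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mp: missing$missing"
        return 1
    fi
    echo "$mp: ok"
    return 0
}

# tmpfs_size_limit MOUNTPOINT
# Reads mount table lines from stdin and prints the size= value of a tmpfs mount,
# "unbounded" if the mount has no explicit cap (tmpfs then defaults to half of RAM),
# or "not tmpfs" if the path is not a tmpfs mount.
tmpfs_size_limit() {
    opts=$(awk -v mp="$1" '$2 == mp && $3 == "tmpfs" { print $4; exit }')
    if [ -z "$opts" ]; then
        echo "not tmpfs"
        return 0
    fi
    case ",$opts," in
        *,size=*)
            s=${opts#*size=}
            echo "${s%%,*}"
            ;;
        *)
            echo "unbounded"
            ;;
    esac
    return 0
}

# Example fstab line (assumption, adjust size to taste) that gives /tmp the
# options checked above and a hard cap so a runaway download cannot eat all RAM:
#   tmpfs /tmp tmpfs nosuid,nodev,noexec,size=2G 0 0

# Stand-alone run against the constructed sample; on a real host use:
#   check_mount_opts /dev/shm nosuid nodev noexec < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | check_mount_opts /dev/shm nosuid nodev noexec
printf '%s\n' "$SAMPLE_MOUNTS" | check_mount_opts /tmp nosuid nodev noexec
printf '%s\n' "$SAMPLE_MOUNTS" | tmpfs_size_limit /tmp
```

The return codes are deliberately distinct so the script can drive a cron or CI check: a 2 means /tmp or /dev/shm is not a mount of its own (for instance the /tmp symlinked to /home/tmp described above inherits /home's options), which is a different finding from a mount that exists but lacks noexec.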