>>>>> "Dan" == Dan Moschuk <[EMAIL PROTECTED]> writes:
Dan> I've avoided this conversation, but what would everyone think of
Dan> a tmpfs type of solution with a security minded design? I took a
Dan> brief look at phk's md driver, and it could be quite easily
Dan> molded to do what I want to do. Things like a sysctl option to
Dan> disallow symlinks in a tmpfs mounted directory I'm sure would
Dan> make a few people happy. The downfall, for being memory backed,
Dan> is it's wiped on a reboot (some people, however, consider this to
Dan> be A Good Thing).
Well... if you're going Whole Hog (tm), there's likely a litany of
desirable options to a secure tmpfs.
The ability to create small files that never swap to disk, for
instance. This would be the case where I need to create a tmp file as
the result of decrypting something to view with an external viewer.
The ability to specify more restritive than just user credentials to
access the file ... possibly a file that can only be acessed by an
open file handle or by a random filename that doesn't show up in the
directory listing.
There is probably a longer list, too.
Dave.
--
============================================================================
|David Gilbert, Velocet Communications. | Two things can only be |
|Mail: [EMAIL PROTECTED] | equal if and only if they |
|http://www.velocet.net/~dgilbert | are precisely opposite. |
=========================================================GLO================
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
