On Thu, Jul 1, 2010 at 2:55 PM, Rob King <jk...@deadpixi.com> wrote: > Hello everyone, > Ubuntu's encrypted home directory feature is quite useful, and a good way > of increasing the security and privacy of information. > However, the scheme is a little "leaky". Applications still use the > default system-wide temporary directory (/tmp), which is not encrypted. For > applications that store things in the temporary directory, this can cause > leaks of sensitive information outside the encrypted home directory. For > things like Deja Dup, this can cause the entire contents of the home > directory to be copied into an unencrypted area. > I would suggest that, when a user enables the encrypted home directory > feature, the TMPDIR directory is set to a temporary directory inside that > user's home directory. This could easily be done in desktop sessions by > modifying ~/.xsessionrc. I'm not sure how easy this would be for > command-line logins.
I agree that programs which leak truly sensitive nature to /tmp should be fixed. Please file a bug in Launchpad for each and every program you find that leaks sensitive data to /tmp. However, it's worth mentioning that /tmp is wiped on every boot in Ubuntu. For this reason, I usually put my /tmp in a tmpfs in memory (on systems where I have a few GB of memory). Add this line to your /etc/fstab: tmpfs /tmp tmpfs rw This ensures that the data written to /tmp is never actually written to disk. I think this is an excellent best-practice for the security conscious. :-Dustin -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
