>>>>> "Dan" == Dan Moschuk <[EMAIL PROTECTED]> writes:

Dan> I've avoided this conversation, but what would everyone think of
Dan> a tmpfs type of solution with a security minded design?  I took a
Dan> brief look at phk's md driver, and it could be quite easily
Dan> molded to do what I want to do.  Things like a sysctl option to
Dan> disallow symlinks in a tmpfs mounted directory I'm sure would
Dan> make a few people happy.  The downfall, for being memory backed,
Dan> is it's wiped on a reboot (some people, however, consider this to
Dan> be A Good Thing).

Well... if you're going Whole Hog (tm), there's likely a litany of
desirable options to a secure tmpfs.

The ability to create small files that never swap to disk, for
instance.  This would be the case where I need to create a tmp file as 
the result of decrypting something to view with an external viewer.

The ability to specify more restritive than just user credentials to
access the file ... possibly a file that can only be acessed by an
open file handle or by a random filename that doesn't show up in the
directory listing.

There is probably a longer list, too.


|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       [EMAIL PROTECTED]             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to