Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-07 Thread Janne Johansson

Daniel A. Ramaley wrote:
> I have not seen
> documented how mfs allocates memory, so i just did a quick test. On a
> machine with 205 MB of RAM free i mounted a 128 MB mfs. Free RAM
> dropped to 199 MB; only 6 MB used! So OpenBSD must only allocate RAM
> for sectors that have actually been written to. Since the system is not
> using any more RAM than it has to, i think i'll switch to using mfs
> for /tmp as well.


mount_mfs uses mmap(), which in turn will only use those pages which the 
program actually touches. An unused (large) mfs will not take up much 
RAM, and if it does, it can swap out seldom-used pages too.
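
The demand-paging behaviour described in this message, as an added example that is not part of the original thread and is not mount_mfs source code: it maps 128 MB anonymously, writes to the first 6 MB (the figures from the quoted test) and counts resident pages before and after. It assumes a system that provides mincore(2), such as Linux; the names resident_pages and lazy_map_demo are illustrative.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* glibc: expose MAP_ANONYMOUS, mincore() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define MAP_BYTES   (128UL << 20)  /* 128 MB: the mfs size in the thread */
#define TOUCH_BYTES (6UL << 20)    /* 6 MB: the observed drop in free RAM */

/* Pages of [addr, addr+len) currently resident in RAM, or -1 on error. */
static long resident_pages(void *addr, size_t len)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    size_t npages = (len + pagesz - 1) / pagesz;
    unsigned char *vec = malloc(npages);
    long n = 0;
    if (vec == NULL || mincore(addr, len, vec) != 0)
        n = -1;
    else
        for (size_t i = 0; i < npages; i++)
            n += vec[i] & 1;       /* bit 0 set: page is in core */
    free(vec);
    return n;
}

/* Map map_bytes, write touch_bytes, report residency before and after. */
static int lazy_map_demo(size_t map_bytes, size_t touch_bytes,
                         long *before, long *after)
{
    void *p = mmap(NULL, map_bytes, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    *before = resident_pages(p, map_bytes);
    memset(p, 0xA5, touch_bytes);  /* first write faults each page in */
    *after = resident_pages(p, map_bytes);
    munmap(p, map_bytes);
    return (*before < 0 || *after < 0) ? -1 : 0;
}

int main(void)
{
    long before, after;
    if (lazy_map_demo(MAP_BYTES, TOUCH_BYTES, &before, &after) != 0)
        return 1;
    printf("resident pages: %ld before, %ld after\n", before, after);
    return 0;
}
```

The untouched remainder of the mapping never becomes resident, so the process pays only for the pages it has written.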




Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-05 Thread Daniel A. Ramaley
On Tuesday 04 July 2006 11:13, Hannah Schroeter wrote:
>It *is*. I've done so for a nearly uncountable number of years.
>
>Something like this in /etc/fstab helps.
>/dev/wd0b   /tmp   mfs   rw,-m0,-s204800   0   0

In the past i've always symlinked /tmp to point to /var/tmp. This has 
never caused any noticeable problems, but i realize that it isn't the 
proper way to do things and carries some risk. I have not seen 
documented how mfs allocates memory, so i just did a quick test. On a 
machine with 205 MB of RAM free i mounted a 128 MB mfs. Free RAM 
dropped to 199 MB; only 6 MB used! So OpenBSD must only allocate RAM 
for sectors that have actually been written to. Since the system is not 
using any more RAM than it has to, i think i'll switch to using mfs 
for /tmp as well.
-- 

Dan Ramaley                  Dial Center 118, Drake University
Network Programmer/Analyst   2407 Carpenter Ave
+1 515 271-4540              Des Moines IA 50311 USA



Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread Hannah Schroeter
Hi!

On Tue, Jul 04, 2006 at 05:30:51PM +0100, tony sarendal wrote:
>On 04/07/06, Hannah Schroeter <[EMAIL PROTECTED]> wrote:
>> On Tue, Jul 04, 2006 at 11:44:22AM -0400, Peter Blair wrote:
>> >I haven't tried under OpenBSD, but mounting /tmp as a ramdisk could
>> >prove viable.

>> It *is*. I've done so for a nearly uncountable number of years.

>> Something like this in /etc/fstab helps.
>> /dev/wd0b   /tmp   mfs   rw,-m0,-s204800   0   0

>and swap is encrypted by default

>[EMAIL PROTECTED] sysctl vm.swapencrypt.enable
>vm.swapencrypt.enable=1
>[EMAIL PROTECTED]

>/Tony

*nods*

And I had it encrypted for some time before it got enabled by default,
too.

Kind regards,

Hannah.



Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread tony sarendal
On 04/07/06, Hannah Schroeter <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> On Tue, Jul 04, 2006 at 11:44:22AM -0400, Peter Blair wrote:
> >I haven't tried under OpenBSD, but mounting /tmp as a ramdisk could
> >prove viable.
>
> It *is*. I've done so for a nearly uncountable number of years.
>
> Something like this in /etc/fstab helps.
> /dev/wd0b   /tmp   mfs   rw,-m0,-s204800   0   0


and swap is encrypted by default

[EMAIL PROTECTED] sysctl vm.swapencrypt.enable
vm.swapencrypt.enable=1
[EMAIL PROTECTED]

/Tony



Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread Hannah Schroeter
Hi!

On Tue, Jul 04, 2006 at 11:44:22AM -0400, Peter Blair wrote:
>I haven't tried under OpenBSD, but mounting /tmp as a ramdisk could
>prove viable.

It *is*. I've done so for a nearly uncountable number of years.

Something like this in /etc/fstab helps.
/dev/wd0b   /tmp   mfs   rw,-m0,-s204800   0   0

Kind regards,

Hannah.



Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread Peter Blair

I haven't tried under OpenBSD, but mounting /tmp as a ramdisk could
prove viable.

On 7/4/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Some days ago I read a question related to encrypting a partition.
> I just know that swap gets encrypted automatically.
> Wouldn't it be possible to also encrypt /tmp and /var/tmp automatically
> with the same mechanism which is used to encrypt the SWAP?
>
> Somebody mentioned that encrypting /tmp would be needed too because many
> applications store their temp. data there (which is mostly correct).
>
> I didn't post that question to tech because misc@ is a better place but
> maybe a developer could answer my question.
> I thought about the statement that encrypting /tmp and /var/tmp is a good
> idea and I would agree, so are there any (technical?) reasons that can't
> be done even if a user does not use svnds?
> And btw: wouldn't it be better to use rm -P for /tmp/*  (or even -P as
> default for rm?)?
>
> Kind regards,
> Sebastian




Re: Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread Joachim Schipper
On Tue, Jul 04, 2006 at 04:14:51PM +0200, [EMAIL PROTECTED] wrote:
> Some days ago I read a question related to encrypting a partition.
> I just know that swap gets encrypted automatically.
> Wouldn't it be possible to also encrypt /tmp and /var/tmp automatically
> with the same mechanism which is used to encrypt the SWAP?

No, but you can mount an encrypted svnd(4) device; some improvements
have been made in -current (but these are, in this case, irrelevant).

> Somebody mentioned that encrypting /tmp would be needed too because many
> applications store their temp. data there (which is mostly correct).
> 
> I didn't post that question to tech because misc@ is a better place but
> maybe a developer could answer my question.
> I thought about the statement that encrypting /tmp and /var/tmp is a good
> idea and I would agree, so are there any (technical?) reasons that can't
> be done even if a user does not use svnds?
> And btw: wouldn't it be better to use rm -P for /tmp/*  (or even -P as
> default for rm?)?

In all of these cases, the default is tuned for performance. This has a
good reason - encrypted disks only work if they are not mounted, which,
in practice, roughly equates to 'when the system is not running'.

For servers, desktops, and pretty much anything but laptops, this means
that anything likely to be able to get at your data does so while the
encrypted device is mounted, i.e. while encrypted disks wouldn't help
you anyway.

Since in the majority of cases, OpenBSD is not used on a laptop but on a
different type of machine, the defaults make sense - as defaults. In
certain, specialized circumstances, customization is called for.

Joachim



Question related to "automaticly" encrypted /tmp && /vat/tmp (like swap..?)

2006-07-04 Thread sebastian . rother
Some days ago I read a question related to encrypting a partition.
I just know that swap gets encrypted automatically.
Wouldn't it be possible to also encrypt /tmp and /var/tmp automatically
with the same mechanism which is used to encrypt the SWAP?

Somebody mentioned that encrypting /tmp would be needed too because many
applications store their temp. data there (which is mostly correct).

I didn't post that question to tech because misc@ is a better place but
maybe a developer could answer my question.
I thought about the statement that encrypting /tmp and /var/tmp is a good
idea and I would agree, so are there any (technical?) reasons that can't
be done even if a user does not use svnds?
And btw: wouldn't it be better to use rm -P for /tmp/*  (or even -P as
default for rm?)?

Kind regards,
Sebastian