Protecting personal data with tmpfs?

Discussion in 'all things UNIX' started by Gullible Jones, Sep 1, 2012.

Thread Status:
Not open for further replies.
  1. Just a thought I had while thinking about ISR-type setups for Linux...

    When you mount something to a directory, the original directory becomes inaccessible. And you can mount tmpfs or ramfs pretty much anywhere, including your home directory. Changes to tmpfs are lost when the filesystem is unmounted...

    Would mounting a tmpfs ramdisk over one's home directory have potential use for desktop security? Temporarily logging in with a tmpfs ramdisk so mounted seems like a good way of protecting personal data from a compromised program, or perhaps foiling a limited-user trojan when doing online financial stuff. How effective would it be for these things in theory, though?
  2. Hungry Man

    Hungry Man Registered Member

    May 11, 2011
    Sure, if you can fit it, which I would suspect could be an issue considering how much can be stored there.
  3. The whole contents of /home/whoever wouldn't need to fit in the tmpfs though... All it would have to hold is the contents of a browser session, or whatever. Unless I was downloading video files into the tmpfs, I can't see it being an issue.
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    May 9, 2005
    How would that help exactly.
    A mounted filesystem is a mounted filesystem.
  5. kareldjag

    kareldjag Registered Member

    Nov 13, 2004
  6. NGRhodes

    NGRhodes Registered Member

    Jun 23, 2003
    Why not just use a guest session ?
  7. BrandiCandi

    BrandiCandi Guest

    I'm gonna go with this. The Ubuntu guest session doesn't remember anything from session to session, which effectively makes everything temporary. I don't know how other distros handle it though.

    Gullible Jones- it sounds to me like you're describing a sandbox.
  8. Just FWIW, I realized there is a flaw in the original idea: a keylogger could be executed by a cron job running as your user. Obscuring your home with a tmpfs filesystem would not prevent the cron job from running, unless the malicious script it ran was in your home dir to start with; nor would it prevent a malicious cron job and script from being set up in the first place.

    Long story short, there are too many user-writable places for this idea to make any sense.

    Edit: also, cron would probably provide a workaround for getting persistence even with all user-writeable areas mounted noexec. The cron job might look like

    */5 * * * * sh /var/spool/mail/

    with the script logging keystrokes somewhere else user-writable, and uploading the logs to the script kiddy's server every so often.

    Oh sure, it would be easy to spot... If you were looking for it. But chances are you're not. When was the last time you scrutinized all the processes running on your desktop, or looked in all the directories writable by your user?
    Last edited by a moderator: Nov 29, 2012
Similar Threads
  1. amarildojr
Thread Status:
Not open for further replies.