
RFC#16 - /etc/rc



Request to prune /tmp during shutdown procedure.

By default the /tmp directory is cleared by /etc/rc at boot.
This method doesn't prevent sensitive data from remaining accessible
on a halted box (example: PHP session files). Even if you need
to be physically near the box, the problem is that you could be
able to get data not available in any other way on that box, and in
fact they are stored in a tmp directory...

This simple patch permits pruning /tmp before /etc/rc.shutdown
is processed. However, I'd suggest using a tool to overwrite the real
disk data on /tmp before the shutdown procedure.


--- src/etc/rc  Tue Jul 29 19:52:17 2003
+++ rc.tmp      Thu Nov 13 13:23:49 2003
@@ -24,2 +24,10 @@

+# prune quickly with one rm, then use find to clean up /tmp/[lq]*
+# (not needed with mfs /tmp, but doesn't hurt there...)
+prune_tmp() {
+(cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
+    find . ! -name . ! -name lost+found ! -name quota.user \
+       ! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
+}
+
 # End subroutines
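Review bot: the `&&` between the `rm -rf [a-km-pr-zA-Z]*` step and the `find` step means that if rm exits nonzero (any entry it cannot remove, since `-f` only silences a non-matching literal glob), the find sweep is skipped and /tmp/[lq]* stays in place; that same status also becomes prune_tmp's return value, which matters once a caller tests `$?` after it. A `;` instead of `&&`, or dropping the rm shortcut and letting find handle everything, makes the sweep unconditional.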
@@ -40,2 +48,3 @@
        chmod 600 /var/db/host.random >/dev/null 2>&1
+       prune_tmp
        if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
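Review bot: inserting `prune_tmp` between `chmod 600 /var/db/host.random` and `if [ $? -eq 0 -a -f /etc/rc.shutdown ]` changes what `$?` tests: it is now prune_tmp's exit status (that of the subshell, i.e. whichever of rm or find ran last), not chmod's, so a failed sweep silently skips /etc/rc.shutdown altogether. Either place the call after the `if` block, or keep the chmod status in a variable and test that. Separately, at this point the daemons are still running and can recreate files in /tmp (the PHP session files the post is about) during rc.shutdown; pruning after rc.shutdown completes is closer to the stated goal.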
@@ -341,7 +350,3 @@

-# prune quickly with one rm, then use find to clean up /tmp/[lq]*
-# (not needed with mfs /tmp, but doesn't hurt there...)
-(cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
-    find . ! -name . ! -name lost+found ! -name quota.user \
-       ! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
+prune_tmp

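Review bot: this hunk is a pure move into the new function, so boot-time behaviour is unchanged; as before, nothing here checks prune_tmp's status, so a partial sweep at boot is silent. That is acceptable, but it is the behaviour the shutdown call site should also keep rather than feeding the status into an unrelated `if`.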


	Ed


# http://hacking.openbsd.it/
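The pruning step the patch wraps into prune_tmp, as an added stand-alone example (not Ed's patch or OpenBSD's /etc/rc): find does the whole sweep, so nothing depends on a shell glob matching or on rm succeeding first, and the directory is a parameter so the keep-list (lost+found, quota.user, quota.group) can be checked on a constructed scratch tree rather than on the real /tmp.

```shell
#!/bin/sh
# Added example, not from the post or OpenBSD's /etc/rc: a /tmp pruner
# driven by find alone, so nothing depends on a shell glob matching and
# a single undeletable entry does not skip the rest of the sweep.
# The directory is a parameter so it can be exercised on a scratch tree.

prune_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    # Every top-level entry except the names rc keeps is removed whole;
    # -prune stops find from descending into what rm is about to delete.
    (cd "$dir" && find . ! -name . -prune \
        ! -name lost+found ! -name quota.user ! -name quota.group \
        -exec rm -rf -- {} +)
}

# Constructed scratch tree standing in for /tmp at shutdown: session
# files, a nested directory, a [lq]* entry, and the three entries that
# must survive. Prints the directory path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lost+found" "$d/sess_dir/sub" "$d/lock"
    : > "$d/quota.user"
    : > "$d/quota.group"
    : > "$d/sess_abc123"
    : > "$d/lost+found/fsck_recovered"
    : > "$d/sess_dir/sub/sess_nested"
    : > "$d/lock/lockfile"
    printf '%s\n' "$d"
}

# Sorted, space-separated list of the top-level entries left in $1.
remaining() {
    (cd "$1" && ls -A | sort | tr '\n' ' ' | sed 's/ $//')
}

# Build a fixture, prune it, print what survived, then clean up.
demo() {
    d=$(make_fixture) || return 1
    prune_dir "$d" || return 1
    remaining "$d"
    rm -rf -- "$d"
}
```

Running `demo` prints only the three kept names; everything else, including the `lock` and `sess_*` entries the patch's rm glob and find step split between them, is gone in one pass.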