rsmith at xs4all.nl
Sat Feb 11 09:49:33 UTC 2017
On Wed, Feb 08, 2017 at 10:22:48AM -0500, James B. Byrne via freebsd-questions wrote:
> How do most people handle hardening /tmp and /var/tmp on FreeBSD? I
> can get rid of /tmp from the file system and then simply mount it as a
> tmpfs in /etc/fstab.
> tmpfs /tmp tmpfs rw,nosuid,noexec,mode=01777 0 0
> However, /var/tmp is supposed to survive across reboots so how is this
You cannot have noexec set on /tmp if you want to run “make installworld”!
You could make a separate partition/dataset for /var/tmp and mount that as
If you *really* want to harden your server, you should probably increase
the kern.securelevel sysctl. See security(7).
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the freebsd-questions