hardening /tmp

Roland Smith rsmith at xs4all.nl
Sat Feb 11 09:49:33 UTC 2017

On Wed, Feb 08, 2017 at 10:22:48AM -0500, James B. Byrne via freebsd-questions wrote:
> How do most people handle hardening /tmp and /var/tmp on FreeBSD?  I
> can get rid of /tmp from the file system and then simply mount it as a
> tmpfs in /etc/fstab.
> tmpfs         /tmp        tmpfs   rw,nosuid,noexec,mode=01777 0     0
> However, /var/tmp is supposed to survive across reboots so how is this
> handled?

You cannot have noexec set on /tmp if you want to run “make installworld”!

You could make a separate partition/dataset for /var/tmp and mount that as

If you *really* want to harden your server, you should probably increase
the kern.securelevel sysctl. See security(7).

R.F.Smith                                   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93  FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170211/31d30e4e/attachment.sig>

More information about the freebsd-questions mailing list