Re: "here strings" and tmpfiles

[konsolebox]

On Thu, Apr 11, 2019, 10:42 PM Andreas Kusalananda Kähäri <
andreas.kahari@abc.se> wrote:

> On Thu, Apr 11, 2019 at 09:01:50PM +0800, konsolebox wrote:
> > On Thu, Apr 11, 2019, 4:04 PM Andreas Schwab <schwab@suse.de> wrote:
> >
> > > On Apr 10 2019, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> > >
> > > > data written to the local filesystem can be discovered by someone
> > > > analyzing the disk controller data path, or by someone with access to
> > > > the underlying storage medium.
> > >
> > > Do you have swap enabled?
> > >
> >
> > It's 2019.
> >
> > --
> > konsolebox
>
> The point of Andreas' comment is, I presume, that if you have swap
> enabled, sensitive data may be written to that swap, either in low
> memory situations or when hibernating your laptop.  Discussion about
> whether temporary files are used or not for certain operations becomes
> less interesting if the data anyway runs the risk of being written to an
> unencypted swap.
>

I know but then again that's no longer just about bash and should be
corrected on system level.

It implicitly also gives the hint that using an encrypted temporary
> storage area may be considered by those with such needs (because they
> would hopefully already have thought about enabling some form of
> encryption of their swap partition or swap files).
>

Same argument.

--
konsolebox