Re: "here strings" and tmpfiles

[Andreas Kusalananda Kähäri]

On Thu, Apr 11, 2019 at 09:01:50PM +0800, konsolebox wrote:
> On Thu, Apr 11, 2019, 4:04 PM Andreas Schwab <schwab@suse.de> wrote:
> 
> > On Apr 10 2019, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> >
> > > data written to the local filesystem can be discovered by someone
> > > analyzing the disk controller data path, or by someone with access to
> > > the underlying storage medium.
> >
> > Do you have swap enabled?
> >
> 
> It's 2019.
> 
> --
> konsolebox

The point of Andreas' comment is, I presume, that if you have swap
enabled, sensitive data may be written to that swap, either in low
memory situations or when hibernating your laptop.  Discussion about
whether temporary files are used or not for certain operations becomes
less interesting if the data anyway runs the risk of being written to an
unencypted swap.

It implicitly also gives the hint that using an encrypted temporary
storage area may be considered by those with such needs (because they
would hopefully already have thought about enabling some form of
encryption of their swap partition or swap files).

I'm sorry for adding to this overly long thread.

Regards,

-- 
Andreas Kusalananda Kähäri,
National Bioinformatics Infrastructure Sweden (NBIS),
Uppsala University, Sweden.