by bravetraveler 1221 days ago
This is a commonly recommended thing to do! It helps IPC performance in some ways - also makes sure nothing in there persists longer than intended.

You might consider these common mount options for a little extra security:

    noexec,nosuid,nodev

(and potential headaches, to be fair)

While /tmp is a great world-writable place, these restrict it from being home to executables/devices -- common sources of abuse


Thank you for the tips! It was just a quick hack and I never knew much about the mount options, but I guess it's time to learn.

Certainly!

I picked these up through some compliance benchmarks, commonly applied to /tmp -- I'd exercise caution with these elsewhere, they're fairly restrictive
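
Added example, not part of the thread: a POSIX shell check that reports which of the `noexec,nosuid,nodev` options recommended above are missing from a mount point. The function name `missing_opts`, its optional mounts-file argument and the sample mount table are assumptions made for illustration; the field layout is that of `/proc/self/mounts`.

```shell
#!/bin/sh
# Audit a mount point for the hardening options discussed in the thread.
# Usage: missing_opts MOUNTPOINT [MOUNTS_FILE]
#   prints the required options that are absent (space-separated);
#   prints "not-mounted" and returns 2 if MOUNTPOINT is not its own mount;
#   returns 0 only when every required option is present.
# MOUNTS_FILE defaults to /proc/self/mounts (hypothetical parameter, added so
# the check can also be run against a saved copy of the mount table).
REQUIRED_OPTS="noexec nosuid nodev"

missing_opts() {
    mp=$1
    mounts=${2:-/proc/self/mounts}
    # Fields: device mountpoint fstype options dump pass.
    # A later mount on the same path shadows earlier ones, so keep the last.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 2
    fi
    missing=""
    for want in $REQUIRED_OPTS; do
        # Wrap in commas so only whole option names match.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
    [ -z "$missing" ]
}

# Constructed sample mount table (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

echo "/tmp missing: $(missing_opts /tmp "$sample" || true)"
echo "/var/tmp: $(missing_opts /var/tmp "$sample" || true)"
rm -f "$sample"
```

Run without the second argument, the function reads the live mount table, so `missing_opts /tmp` can be dropped into a periodic compliance check.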