[NTLUG:Discuss] installing redhat 6.2

Chris Cox cjcox at acm.org
Tue Nov 12 10:06:38 CST 2002


David wrote:
> On Mon, Nov 11, 2002 at 07:45:09AM -0800, bryn konti wrote:
> 
>>possible development.  The usual minimal partition
>>configuration for the workstation is a swap partition
>>size equal or greater than 2X the amount of your
>>memory, a / (root) directory and boot directory. Red
> 
> 
> Usually people do include a swap partition, but for many people it's not
> necessary.  In the days of desktop machines with 256M or 512M RAM, it's
> a very unusual person who actually fills their RAM and needs to turn to
> swap space.
> 
> There is also a good reason not to use swap space:  security.  Things in
> RAM may get written to swap, if you have one.  That includes things
> that you may not want written to swap, like your cryptographic keys,
> passphrases, and your secret plan to overthrow some small country.  Your
> adversary could read this information easily from your swap partition,
> if they ever get access to your machine.  Better to dispense with swap,
> and keep all that secret information in a nice, volatile and forgetful
> RAM chip.  After all, RAM is cheap.
> 

This is true.  Also, you shouldn't use a journaled filesystem for
some of the same reasons.  No kernel modules, no plug&play, no
hotplug USB/Firewire, no local compilers, no SysV style init, etc.
However, you need to weigh security "paranoia" against the fact that
many servers run services that make these issues look like a joke, in
comparison.  Security policies need to be carefully considered.  Indeed,
one could argue that Unix/Linux is the wrong choice if you want to
really be secure (and the alternative is definitely not Windows... hope
that didn't need to be said).
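
To put the quoted point about secrets reaching swap into something checkable, here is an added example (not part of either post) that lists active swap areas and the processes that currently have pages in swap. It assumes a current Linux kernel that exposes `/proc/swaps` and a `VmSwap` line in `/proc/<pid>/status`; the sample data is constructed, and a non-zero `VmSwap` only shows that some of a process's pages are on disk, not which ones.

```python
import glob

# Constructed sample input in the formats of /proc/swaps and /proc/<pid>/status.
SAMPLE_SWAPS = """Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority
/dev/hda2                               partition\t524280\t\t18432\t\t-1
"""
SAMPLE_STATUS = {
    "812": "Name:\tgpg-agent\nVmRSS:\t    2100 kB\nVmSwap:\t     640 kB\n",
    "901": "Name:\tbash\nVmRSS:\t    1500 kB\nVmSwap:\t       0 kB\n",
    "2": "Name:\tkthreadd\n",  # kernel threads have no VmSwap line
}

def parse_swaps(text):
    """Return active swap areas as dicts; an empty list means no swap is enabled."""
    areas = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 4:
            areas.append({"device": fields[0], "type": fields[1],
                          "size_kb": int(fields[2]), "used_kb": int(fields[3])})
    return areas

def swapped_processes(status_by_pid):
    """Return (pid, name, swapped_kb) for processes with pages currently in swap."""
    hits = []
    for pid, text in status_by_pid.items():
        info = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
        kb = int(info.get("VmSwap", "0 kB").split()[0])
        if kb > 0:
            hits.append((pid, info.get("Name", "?").strip(), kb))
    return sorted(hits, key=lambda h: -h[2])  # largest swapped footprint first

def read_live():
    """Read the real files on a Linux host, skipping processes that vanish or deny access."""
    status = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as f:
                status[path.split("/")[2]] = f.read()
        except OSError:
            pass  # process exited or access denied
    with open("/proc/swaps") as f:
        return f.read(), status

if __name__ == "__main__":
    for area in parse_swaps(SAMPLE_SWAPS):
        print("swap active:", area)
    for pid, name, kb in swapped_processes(SAMPLE_STATUS):
        print(f"pid {pid} ({name}) has {kb} kB in swap")
```

On a real host, pass the two values returned by `read_live()` to `parse_swaps` and `swapped_processes` instead of the samples.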





