daveslab

Reputation: 10310

Preventing Linux from adding file into memory cache?

I hope you've all seen the wonderful site, Linux Ate My Ram. This is usually great, but it presents a problem for me. I have a secure file that I'm decrypting with gpg and then reading into memory to process. The unencrypted file is deleted a short time later, but I do NOT want that decrypted file to be saved in Linux's in-memory file cache.

Is there a way to explicitly prevent a file from being saved in Linux's cache?

Thanks!

Upvotes: 3

Views: 1003

Answers (3)

Karmastan

Reputation: 5696

If you really, really need gpg's output to be a file, you could put that file on a ramfs file system. The file's contents will only exist in non-swappable memory pages.

You can attach a ramfs file system to your tree by running (as root):

mount none /your/mnt/point -t ramfs

You may have also heard of tmpfs. It's similar in that its files have no permanent storage and generally exist only in RAM. However, for your use, you want to avoid this file system because tmpfs files can be swapped to disk.

Upvotes: 2

rmmh

Reputation: 7095

Use gpg -d, which will cause GPG to output the file to STDOUT, so then you can have it all in memory.

Depending on how paranoid you are, you may want to use mlock as well.

Upvotes: 9
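
The approach in the answer above, as an added example that is not part of the original answer: a small Linux/glibc C reader that takes the plaintext from a pipe (for instance `gpg -d secret.gpg | ./locked_read`) into an mlock()ed buffer, so no decrypted file exists to be cached and the pages cannot be swapped. The helper names, the program name and the SECRET_MAX bound are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SECRET_MAX (16 * 1024) /* assumed cap; fits a 64 KiB RLIMIT_MEMLOCK */

/* Page-aligned anonymous buffer; *locked tells the caller if mlock() worked. */
static unsigned char *secret_alloc(size_t cap, int *locked) {
    void *p = mmap(NULL, cap, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *locked = (mlock(p, cap) == 0);        /* pin pages: never swapped out */
    (void)madvise(p, cap, MADV_DONTDUMP);  /* and keep them out of core dumps */
    return p;
}

/* Read fd until EOF. Returns byte count, or -1 on error or oversize input. */
static ssize_t secret_read(int fd, unsigned char *buf, size_t cap) {
    size_t used = 0;
    while (used < cap) {
        ssize_t n = read(fd, buf + used, cap - used);
        if (n == 0) return (ssize_t)used;  /* EOF: whole secret is in buf */
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        used += (size_t)n;
    }
    return -1; /* buffer filled before EOF: refuse rather than truncate */
}

/* explicit_bzero, unlike memset, is not removed by the optimiser. */
static void secret_wipe(unsigned char *buf, size_t cap) { explicit_bzero(buf, cap); }

static void secret_free(unsigned char *buf, size_t cap) {
    secret_wipe(buf, cap);                 /* wipe before the pages are released */
    munlock(buf, cap);
    munmap(buf, cap);
}

int main(void) {
    int locked = 0;
    unsigned char *buf = secret_alloc(SECRET_MAX, &locked);
    if (!buf || !locked) { fprintf(stderr, "no locked memory (check ulimit -l)\n"); return 1; }
    ssize_t n = secret_read(STDIN_FILENO, buf, SECRET_MAX);
    if (n >= 0) fprintf(stderr, "holding %zd plaintext bytes in locked memory\n", n);
    /* ... process buf[0..n) here without copying it into unlocked memory ... */
    secret_free(buf, SECRET_MAX);
    return n < 0;
}
```

Any copy the processing code makes (a heap string, a stdio buffer) sits outside the locked region, so parse the data in place.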

C. K. Young

Reputation: 222973

Sure. Shred the file as you delete it.

shred -u "$FILE"

Granted, it doesn't directly answer your question, but I still think it's a solution---whatever's living in the cache is now randomly-generated garbage. :-)

Upvotes: 0
