Date: Mon, 24 Nov 2003 10:16:21 +0100 From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: Rayson Ho <raysonlogin@yahoo.com> Subject: Re: "secure" file flag? Message-ID: <20031124091621.GB1168@StefanEsser.FreeBSD.org> In-Reply-To: <8799.1069607075@critter.freebsd.dk> References: <xzpfzgfrqqg.fsf@dwp.des.no> <8799.1069607075@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2003-11-23 18:04 +0100, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > 1. Look for BIO_DELETE in the kernel. Seems that BIO_DELETE isn't really supported anymore (according to a comment in your GEOM sources ;-) AFAICT, BIO_DELETE can't easily be made a long running operation (taking tens of revolutions of a disk media) without really hurting performance because of assumptions that it will take about the same time as BIO_WRITE ... > 2. Use GBDE or other encryption. Yes, probably. But encryption is only as good as key management and secure storage (and deletion) of keys. How do you implement unattended reboot, if you consider unauthorized (physical) access to your system as one of the attack scenarios to protect against ? (Not meaning, that secure erase would really solve that problem ...) Regards, STefan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031124091621.GB1168>