Date: Sun, 23 Nov 2003 13:15:01 +0100
From: Stefan Eßer <se@FreeBSD.org>
To: Wes Peters <wes@softweyr.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: "secure" file flag?
Message-ID: <20031123121501.GA1133@StefanEsser.FreeBSD.org>
In-Reply-To: <200311230016.31498.wes@softweyr.com>
References: <20031119003133.18473.qmail@web11404.mail.yahoo.com> <200311211333.39520.wes@softweyr.com> <20031121235607.GB16700@StefanEsser.FreeBSD.org> <200311230016.31498.wes@softweyr.com>

On 2003-11-23 00:16 -0800, Wes Peters <wes@softweyr.com> wrote:
> On Friday 21 November 2003 03:56 pm, Stefan Eßer wrote:
> > A simple algorithm could just mark each buffer with a special
> > kind of dirty flag and a counter for the pass number (in fact,
> > the existing dirty flag could be used, and a counter set to the
> > number of passes required, with 0 indicating that the buffer is
> > to be flushed to disk "as is" in the normal way).
>
> Oh, but you're wrong, if you actually want to ERASE the data on the disk
> platters. That's why I've referred people to the obliterate program in
> ports several times. Read the references contained there, then come back
> to this discussion.

This is rude!

It's been some time since I read the Gutmann paper, but I still remember
the points he made and even quite a number of the details.

Either my (English) language skills are insufficient to make my point,
or you just didn't read what I wrote. I thought it was obvious that
if I'm talking of several passes, that each one writes specific data
(either a complement of the original data, a suitable pattern or random
data).

What I'm suggesting is to have the obliteration implemented as an
add on to the dirty buffer flush, with the difference that the
buffer contents is prepared for the next step of the erasure process,
written out, and then not declared free but again prepared for the
next overwrite pass. A counter is required to keep the required state
information for each individual buffer. AFAIK, there is no
need to retain original data (or its complement) for the process, so
in fact all that is needed is a pass counter and the very simple FA.

There is no need for a special thread, and that was the point I was
trying to make.

Talking of obliterate: There is the patterns[] array and the "passno"
variable attached to a buffer could select one of those patterns on
each pass of the elevator.

(Well, maybe a separate thread might be better to prepare
buffers by filling in the correct patterns at slightly
reduced priority ...)

> If you just want to zero the blocks, that is a lot easier, but you're not
> really protecting anything from anyone who can get their hands on the
> disk.

Who is talking about just zeroing blocks?

Please take the time to actually read the messages you reply to ...

Regards, Stefan
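
An added example, not part of the original message and not code from FreeBSD or the obliterate port: a user-space C model of the per-buffer pass counter described above, where each flusher visit fills the buffer with that pass's pattern, writes it, and keeps the buffer dirty until the counter reaches 0. The names `struct buf`, `buf_obliterate`, `buf_flush`, the in-memory `disk` and the three-entry pattern table are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE   16
#define PAT_RANDOM (-1)
/* Constructed pass table for illustration; NOT the obliterate port's patterns[]. */
static const int patterns[] = { 0x55, 0xAA, PAT_RANDOM };
#define NPASSES ((int)(sizeof patterns / sizeof patterns[0]))

struct buf {
    uint8_t data[BUF_SIZE];
    int dirty;   /* buffer still has to be written */
    int passno;  /* overwrite passes left; 0 = flush "as is" */
};
static uint8_t disk[BUF_SIZE];  /* stand-in for the one block behind the buffer */
static int writes;              /* number of device writes issued */

static void disk_write(const struct buf *bp) { memcpy(disk, bp->data, BUF_SIZE); writes++; }

/* Request erasure: reuse the dirty flag and arm the pass counter. */
void buf_obliterate(struct buf *bp) { bp->dirty = 1; bp->passno = NPASSES; }

/* One visit by the flusher; returns 1 when the buffer may be declared free. */
int buf_flush(struct buf *bp) {
    if (!bp->dirty)
        return 1;
    if (bp->passno > 0) {  /* prepare this pass's contents; old data is not needed */
        int pat = patterns[NPASSES - bp->passno];
        for (int i = 0; i < BUF_SIZE; i++)  /* rand() is only a placeholder source */
            bp->data[i] = pat == PAT_RANDOM ? (uint8_t)rand() : (uint8_t)pat;
    }
    disk_write(bp);
    if (bp->passno > 0 && --bp->passno > 0)
        return 0;          /* not free yet: stays dirty for the next pass */
    bp->dirty = 0;
    return 1;
}

int main(void) {
    struct buf b = { .dirty = 0, .passno = 0 };
    memset(b.data, 'S', BUF_SIZE);  /* constructed "sensitive" contents */
    buf_obliterate(&b);
    while (!buf_flush(&b))
        printf("pass written, %d left\n", b.passno);
    printf("%d writes, buffer free\n", writes);
    return 0;
}
```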