Date: Sun, 23 Nov 2003 00:19:11 -0800 From: Wes Peters <wes@softweyr.com> To: Stefan =?iso-8859-1?q?E=DFer?= <se@FreeBSD.org>, Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@des.no> Cc: freebsd-hackers@freebsd.org Subject: Re: "secure" file flag? Message-ID: <200311230019.11310.wes@softweyr.com> In-Reply-To: <20031122105400.GA4506@StefanEsser.FreeBSD.org> References: <20031119003133.18473.qmail@web11404.mail.yahoo.com> <xzpzneosor3.fsf@dwp.des.no> <20031122105400.GA4506@StefanEsser.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 22 November 2003 02:54 am, Stefan E=DFer wrote:
> On 2003-11-22 11:04 +0100, Dag-Erling Sm=F8rgrav <des@des.no> wrote:
> > Stefan E=DFer <se@FreeBSD.org> writes:
> > > I may be way off, but I do not think, that a special thread or
> > > a cache flush after each block is required: [...]
> >
> > What happens if you yank the power cord?
>
> Worst case: The same thing that happened, if the you lost power
> a fraction of a second earlier, just before the unlink or loss
> of last reference to the file ...
>
> Nothing short of a self-destruct mechanism will do any better ;-)
Poppycock. Encrypting the data before it hits the disk is a fine=20
protection against somebody later recovering the data, either=20
inadvertantly or nefariously.
> Back to the subject of this thread:
>
> You could write a special flag "needs to be securely removed" to
> the inode. That way, an interrupted overwrite process could be
> continued after next reboot (for example initiated by fsck).
But why would somebody trying to steal your data run fsck on it? You're=20
not thinking paranoid enough.
=2D-=20
Where am I, and what am I doing in this handbasket?
Wes Peters wes@softweyr.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311230019.11310.wes>