From: Wes Peters
Organization: Softweyr
To: Stefan Eßer, Dag-Erling Smørgrav
Cc: Rayson Ho, phk@freebsd.org, freebsd-hackers@freebsd.org
Date: Sun, 23 Nov 2003 00:19:11 -0800
Subject: Re: "secure" file flag?
Message-Id: <200311230019.11310.wes@softweyr.com>
In-Reply-To: <20031122105400.GA4506@StefanEsser.FreeBSD.org>

On Saturday 22 November 2003 02:54 am, Stefan Eßer wrote:
> On 2003-11-22 11:04 +0100, Dag-Erling Smørgrav wrote:
> > Stefan Eßer writes:
> > > I may be way off, but I do not think, that a special thread or
> > > a cache flush after each block is required: [...]
> >
> > What happens if you yank the power cord?
>
> Worst case: The same thing that happened, if you lost power
> a fraction of a second earlier, just before the unlink or loss
> of last reference to the file ...
>
> Nothing short of a self-destruct mechanism will do any better ;-)

Poppycock.  Encrypting the data before it hits the disk is a fine
protection against somebody later recovering the data, either
inadvertently or nefariously.

> Back to the subject of this thread:
>
> You could write a special flag "needs to be securely removed" to
> the inode. That way, an interrupted overwrite process could be
> continued after next reboot (for example initiated by fsck).

But why would somebody trying to steal your data run fsck on it?  You're
not thinking paranoid enough.

-- 
Where am I, and what am I doing in this handbasket?
Wes Peters wes@softweyr.com
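
The resumable overwrite proposed in the quoted text, and the window the reply objects to, as an added example (not code from this thread or from FreeBSD). The sidecar marker file and all function names are hypothetical stand-ins for the proposed inode flag and an fsck-time pass.

```python
import os

MARK = ".wipe-pending"  # hypothetical sidecar file standing in for the proposed inode flag

def _fsync_dir(path):
    # Flush the directory entry so the marker itself survives a power loss.
    fd = os.open(os.path.dirname(os.path.abspath(path)), os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)

def mark(path):
    """Record the 'needs to be securely removed' intent before touching any data."""
    with open(path + MARK, "w") as m:
        m.flush()
        os.fsync(m.fileno())
    _fsync_dir(path)

def overwrite(path, chunk=64 * 1024):
    """Zero the file in place and force it to disk; returns bytes overwritten."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, chunk):
            f.write(b"\0" * min(chunk, size - off))
        f.flush()
        os.fsync(f.fileno())
    return size

def finish(path):
    """Idempotent: safe to repeat however far a previous attempt got."""
    if os.path.exists(path):
        overwrite(path)
        os.unlink(path)
    os.unlink(path + MARK)
    _fsync_dir(path)

def secure_remove(path):
    mark(path)
    finish(path)

def resume_pending(directory):
    """The pass a boot-time check would make: complete every interrupted wipe."""
    done = []
    for name in sorted(os.listdir(directory)):
        if name.endswith(MARK):
            finish(os.path.join(directory, name[:-len(MARK)]))
            done.append(name[:-len(MARK)])
    return done
```

Between `mark()` and the next `resume_pending()` the file contents are still on disk in the clear, which is the gap the reply points at: the flag only helps if the recovery pass is what touches the disk next.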