Date: Fri, 21 May 1999 11:10:09 -0700 (PDT) From: Javier Henderson <javier@KJSL.COM> To: brooks@one-eyed-alien.net Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, "Ilmar S. Habibulin" <ilmar@ints.ru>, posix1e@cyrus.watson.org, freebsd-security@FreeBSD.ORG Subject: Re: secure deletion Message-ID: <14149.41345.818718.833426@bogon.kjsl.com> In-Reply-To: <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu> References: <xzpwvy2pax2.fsf@localhost.ping.uio.no> <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
brooks@one-eyed-alien.net writes: > On 21 May 1999, Dag-Erling Smorgrav wrote: > > > "Ilmar S. Habibulin" <ilmar@ints.ru> writes: > > > Why mount option? Secure deletion is a feature of fs and impacts files of > > > this on this fs. All of them. So why use mount option? > > > > Because a mount option can be changed at runtime, whereas a kernel > > option cannot. A mount option would allow you to enable the security > > feature on file systems which need it but not on file systems which do > > not need it, whereas a kernel option would enable it unconditionally > > on all file systems. > > I'd definaly agree that it should be done on an FS by FS bases, but it > seems that a tunefs flag like softupdates might be more appropriate. My > reason for this is simply that if you forget to enable the option once and > do any write operations to speak of, you will need to completly wipe the > entire FS to ensure you actually destroy the old data. Making it a tunefs > option would mean that you couldn't forget. Just in the interest of throwing ideas around, and not to start an OS war: With VMS, you can define at mount time, or at any time afterwards (ie, while the volume is already mounted) whether you want files erased-on-delete or not. If you change the behavior at some point after mounting the volume, the new behavior will affect deletions made after the change of behavior. There is also a CLI qualifier for the DELETE command, appropriately named /ERASE (e.g., DELETE/ERASE FOO.TXT) that you can use on demand. This kind of flexibility would be cool, I think. -jav To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14149.41345.818718.833426>