From owner-freebsd-security  Sat May 22  9: 1:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP id 9556F14C2F
	for <freebsd-security@FreeBSD.ORG>; Sat, 22 May 1999 09:01:49 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT]))
	id JAA29860; Sat, 22 May 1999 09:01:14 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id JAA26984; Sat, 22 May 1999 09:01:14 -0700
Received: from softweyr.com ([204.68.178.39]) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
	id AA03396; Sat, 22 May 99 09:01:10 PDT
Message-Id: <3746D4C6.4A284FE0@softweyr.com>
Date: Sat, 22 May 1999 10:01:10 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Warner Losh <imp@harmony.village.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: secure deletion
References: <Pine.BSF.4.05.9905221042250.25097-100000@ws-ilmar.ints.ru> <199905220836.CAA02030@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh wrote:
> 
> In message <Pine.BSF.4.05.9905221042250.25097-100000@ws-ilmar.ints.ru> "Ilmar S. Habibulin" writes:
> : On 21 May 1999, Dag-Erling Smorgrav wrote:
> :
> : > Because a mount option can be changed at runtime, whereas a kernel
> : > option cannot. A mount option would allow you to enable the security
> : > feature on file systems which need it but not on file systems which do
> : > not need it, whereas a kernel option would enable it unconditionally
> : > on all file systems.
> : And what about it? I just don't understand why this option must be
> : fs-specific. If file have no flag, it would be deleted in ordinary way.
> 
> I think that what people are saying, if I understand them correctly,
> is that it would be desirable if an entire file system could be told
> to do the shredding delete.  This would make it useful for a
> filesystem mounted on /tmp, for example.

If you're really concerned about security, you'll want this on enabled
on swap spaces, too, just in case sensitive data got swapped to disk.
You can't avoid having it on disk while the page is active, but certainly
want it securely erased when the page is no longer in use.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message