From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 24 15:59:55 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC0D516A4CE for ; Mon, 24 Nov 2003 15:59:55 -0800 (PST) Received: from shaft.techsupport.co.uk (shaft.techsupport.co.uk [212.250.77.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5A5BE43FD7 for ; Mon, 24 Nov 2003 15:59:54 -0800 (PST) (envelope-from setantae@submonkey.net) Received: from cpc2-cdif3-6-0-cust204.cdif.cable.ntl.com ([81.103.67.204] helo=shrike.submonkey.net ident=mailnull) by shaft.techsupport.co.uk with esmtp (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.24; FreeBSD 4.9) id 1AOQcS-0004FQ-Uz; Mon, 24 Nov 2003 23:59:53 +0000 Received: from setantae by shrike.submonkey.net with local (Exim 4.24; FreeBSD 4.9) id 1AOQcQ-000CPx-JX; Mon, 24 Nov 2003 23:59:50 +0000 Date: Mon, 24 Nov 2003 23:59:50 +0000 From: Ceri Davies To: Rayson Ho Message-ID: <20031124235950.GH66785@submonkey.net> References: <20031119003133.18473.qmail@web11404.mail.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9uNR01GrImESOVvg" Content-Disposition: inline In-Reply-To: <20031119003133.18473.qmail@web11404.mail.yahoo.com> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.4i Sender: Ceri Davies cc: freebsd-hackers@freebsd.org Subject: Re: "secure" file flag? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2003 23:59:55 -0000 --9uNR01GrImESOVvg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 18, 2003 at 04:31:32PM -0800, Rayson Ho wrote: > I am wondering if it is useful to have a "secure" file flag?? >=20 > The secure file flag will be set for files that contain sensitive data. > Then the OS will take special care when operating on those "secure" > files. >=20 > e.g. when deleting a "secure" file, the OS will overwrite the file with > random data. It would also be useful to have a "noexport" flag, which would have the NFS code refuse to send it over the network. I could personally use this for setting on my PGP and SSH keys, while exporting the rest of /home. I did look at implementing this, but couldn't find the "correct" place to do the check for the flag. Any pointers for a kernel newbie? Ceri --=20 --9uNR01GrImESOVvg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/wpt2ocfcwTS3JF8RAgA0AKCKsb7lXoMVUXuTYkmpMi+bLieCMQCfQhkK bAv5t7mx4wjwlDdy0dE2scA= =5x5g -----END PGP SIGNATURE----- --9uNR01GrImESOVvg--