Date: Thu, 20 Nov 2003 13:27:29 -0800 From: Wes Peters <wes@softweyr.com> To: Rayson Ho <raysonlogin@yahoo.com>, freebsd-hackers@freebsd.org Subject: Re: "secure" file flag? Message-ID: <200311201327.29226.wes@softweyr.com> In-Reply-To: <20031119003133.18473.qmail@web11404.mail.yahoo.com> References: <20031119003133.18473.qmail@web11404.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 18 November 2003 16:31, Rayson Ho wrote:
> I am wondering if it is useful to have a "secure" file flag??
>
> The secure file flag will be set for files that contain sensitive
> data. Then the OS will take special care when operating on those
> "secure" files.
>
> e.g. when deleting a "secure" file, the OS will overwrite the file
> with random data.
Better to overwrite it with a more "secure" pattern. See ports/
sysutils/obliterate for references. It has been mentioned before that
this could be done on in the kernel, obliterating blocks in the VM
rather than zeroing them. I hadn't thought of applying at the file or
filesystem level.
> One advantage would be to have "secure" files in the same filesystem
> as other normal files.
>
> Any one knows if FreeBSD has already implemented this??
The closest we have is the 'rm -P' command and the above-mentioned
obliterate command. The overwrite pattern used in 'rm -P' is not
likely to be effective against a dedicated inspection of the disk; the
one in obliterate somewhat more so.
This sounds like an interesting file flag. Would you expect the process
to block on the unlink(2) call while the overwrite takes place, or for
this to happen in a kernel thread? The former seems pretty straight-
forward, hacking at ffs_blkfree. The latter I really wouldn't know how
to begin without (a lot) more study.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311201327.29226.wes>