From: Wes Peters
Organization: Softweyr.com
To: Rayson Ho, freebsd-hackers@freebsd.org
Date: Thu, 20 Nov 2003 13:27:29 -0800
Subject: Re: "secure" file flag?
Message-Id: <200311201327.29226.wes@softweyr.com>
In-Reply-To: <20031119003133.18473.qmail@web11404.mail.yahoo.com>

On Tuesday 18 November 2003 16:31, Rayson Ho wrote:
> I am wondering if it is useful to have a "secure" file flag??
>
> The secure file flag will be set for files that contain sensitive
> data. Then the OS will take special care when operating on those
> "secure" files.
>
> e.g. when deleting a "secure" file, the OS will overwrite the file
> with random data.

Better to overwrite it with a more "secure" pattern. See
ports/sysutils/obliterate for references.

It has been mentioned before that this could be done in the kernel,
obliterating blocks in the VM rather than zeroing them. I hadn't thought
of applying it at the file or filesystem level.

> One advantage would be to have "secure" files in the same filesystem
> as other normal files.
>
> Any one knows if FreeBSD has already implemented this??

The closest we have is the 'rm -P' command and the above-mentioned
obliterate command. The overwrite pattern used in 'rm -P' is not likely
to be effective against a dedicated inspection of the disk; the one in
obliterate somewhat more so.

This sounds like an interesting file flag. Would you expect the process
to block on the unlink(2) call while the overwrite takes place, or for
this to happen in a kernel thread? The former seems pretty
straightforward, hacking at ffs_blkfree. The latter I really wouldn't
know how to begin without (a lot) more study.

-- 
        "Where am I, and what am I doing in this handbasket?"

Wes Peters                                              wes@softweyr.com
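
The blocking variant discussed above, done in userland rather than in ffs_blkfree, as an added example that is not part of the original message and is not FreeBSD's rm or obliterate code. The names secure_unlink and overwrite_pass are hypothetical; the pass sequence 0xff, 0x00, 0xff is the one rm(1) documents for -P, and the code assumes a filesystem that rewrites blocks in place.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Write len bytes of pattern starting at offset 0, then force them to disk. */
static int overwrite_pass(int fd, off_t len, unsigned char pattern)
{
    unsigned char buf[4096];

    memset(buf, pattern, sizeof buf);
    if (lseek(fd, 0, SEEK_SET) == -1)
        return -1;
    while (len > 0) {
        size_t n = len < (off_t)sizeof buf ? (size_t)len : sizeof buf;
        ssize_t w = write(fd, buf, n);
        if (w <= 0)
            return -1;
        len -= w;
    }
    /* Without fsync the passes can merge in the buffer cache and only the
     * last pattern would ever reach the platter. */
    return fsync(fd);
}

/* Hypothetical helper: returns 0 once every pass is on disk and the name is
 * removed, -1 on error or refusal. The caller blocks for the whole overwrite. */
int secure_unlink(const char *path)
{
    static const unsigned char passes[] = { 0xff, 0x00, 0xff };
    struct stat sb;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);   /* do not follow a symlink */

    if (fd == -1)
        return -1;
    /* Regular files with one link only: with a second hard link the overwrite
     * would destroy data that stays reachable under the other name. */
    if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) || sb.st_nlink != 1) {
        close(fd);
        return -1;
    }
    for (size_t i = 0; i < sizeof passes; i++) {
        if (overwrite_pass(fd, sb.st_size, passes[i]) == -1) {
            close(fd);
            return -1;   /* leave the name in place so the caller can retry */
        }
    }
    close(fd);
    return unlink(path);
}
```

On copy-on-write filesystems, filesystems with snapshots, and flash devices with a translation layer, the new data lands in different blocks and the old contents survive, which is one argument for doing the work at block-free time in the filesystem as the message suggests.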