From owner-freebsd-questions  Sat Apr 20 15: 1:28 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail5.nc.rr.com (fe5.southeast.rr.com [24.93.67.52])
	by hub.freebsd.org (Postfix) with ESMTP id E887137B41C
	for <freebsd-questions@freebsd.org>; Sat, 20 Apr 2002 15:01:22 -0700 (PDT)
Received: from i8k.babbleon.org ([66.57.86.84]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Sat, 20 Apr 2002 17:59:49 -0400
Received: by i8k.babbleon.org (Postfix, from userid 111)
	id 52D82BB29; Sat, 20 Apr 2002 17:59:41 -0400 (EDT)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Brian T.Schellenberger <bts@babbleon.org>
To: Paul Everlund <tdv94ped@cs.umu.se>
Subject: Re: cat: A bug or just as it should be?
Date: Sat, 20 Apr 2002 17:59:41 -0400
X-Mailer: KMail [version 1.3]
References: <3CC08E8E.B5EEEA90@cs.umu.se> <20020420034724.4FA12BB39@i8k.babbleon.org> <3CC136ED.28E55794@cs.umu.se>
In-Reply-To: <3CC136ED.28E55794@cs.umu.se>
Cc: freebsd-questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20020420215941.52D82BB29@i8k.babbleon.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


On Saturday 20 April 2002 05:37 am, you wrote:
| Anyway, due to security reasons, I believe that removed directories and
| files should be zeroed out, and hence not viewable by 'cat *', but doing
| that maybe have some disadvantages that I do not know 

Really, they aren't zeroed for reasons of efficiency.

I'm not sure what security hole would be plugged by erasing the *name* of the 
old file, but the contents are not, in general, erased either.  I mean it's 
likely that they will get reused "soon" but there's no guarantee of that sort 
of thing.  If security is a serious concern, you should install cfs or 
something of that ilk.  That's what I do.

The base file system is not meant to provide any security against somebody 
who has permissions.  Since anybody can (with default security settings) boot 
in single-user mode without a password and function as root, that means that 
there's no security against anybody with knowledge and physical access to the 
system.

If need security of that sort, then cfs provides it.  (At some cost in 
convenience.)  With cfs, even root can't get to your files.  (This can be a 
pain sometimes, but it's good security.)

-- 
Brian T. Schellenberger . . . . . . .   bts@wnt.sas.com (work)
Brian, the man from Babble-On . . . .   bts@babbleon.org (personal)
                                        http://www.babbleon.org

http://www.eff.org                      http://www.programming-freedom.org 

If you smell the smoke you don't need to be told what you've got to do;
Yet there's a certain breed, so very in-between, they'd rather take a
vote.   -- DEVO  --  Here To Go

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message