From owner-freebsd-security  Fri May 21 11:11: 0 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
	by hub.freebsd.org (Postfix) with ESMTP id A6C13159DB
	for <freebsd-security@FreeBSD.ORG>; Fri, 21 May 1999 11:10:55 -0700 (PDT)
	(envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id UAA29620;
	Fri, 21 May 1999 20:10:50 +0200 (CEST)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id UAA89224;
	Fri, 21 May 1999 20:10:44 +0200 (MET DST)
Date: Fri, 21 May 1999 20:10:43 +0200
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: brooks@one-eyed-alien.net
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	"Ilmar S. Habibulin" <ilmar@ints.ru>, posix1e@cyrus.watson.org,
	freebsd-security@FreeBSD.ORG
Subject: Re: secure deletion
Message-ID: <19990521201043.I85583@bitbox.follo.net>
References: <xzpwvy2pax2.fsf@localhost.ping.uio.no> <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>; from brooks@one-eyed-alien.net on Fri, May 21, 1999 at 11:04:25AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 21, 1999 at 11:04:25AM -0700, brooks@one-eyed-alien.net wrote:
> On 21 May 1999, Dag-Erling Smorgrav wrote:
> 
> > "Ilmar S. Habibulin" <ilmar@ints.ru> writes:
> > > Why mount option? Secure deletion is a feature of fs and impacts files of
> > > this on this fs. All of them. So why use mount option?
> > 
> > Because a mount option can be changed at runtime, whereas a kernel
> > option cannot. A mount option would allow you to enable the security
> > feature on file systems which need it but not on file systems which do
> > not need it, whereas a kernel option would enable it unconditionally
> > on all file systems.
> 
> I'd definaly agree that it should be done on an FS by FS bases, but it
> seems that a tunefs flag like softupdates might be more appropriate.  My
> reason for this is simply that if you forget to enable the option once and
> do any write operations to speak of, you will need to completly wipe the
> entire FS to ensure you actually destroy the old data.  Making it a tunefs
> option would mean that you couldn't forget.

Either tunefs or chflags - it would be relatively expensive, so if you
only need it for some data, it is probably better to have more
fine-grained control than per-FS.

Eivind.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message