Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 May 1999 20:10:43 +0200
From:      Eivind Eklund <eivind@FreeBSD.ORG>
To:        brooks@one-eyed-alien.net
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, "Ilmar S. Habibulin" <ilmar@ints.ru>, posix1e@cyrus.watson.org, freebsd-security@FreeBSD.ORG
Subject:   Re: secure deletion
Message-ID:  <19990521201043.I85583@bitbox.follo.net>
In-Reply-To: <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>; from brooks@one-eyed-alien.net on Fri, May 21, 1999 at 11:04:25AM -0700
References:  <xzpwvy2pax2.fsf@localhost.ping.uio.no> <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, May 21, 1999 at 11:04:25AM -0700, brooks@one-eyed-alien.net wrote:
> On 21 May 1999, Dag-Erling Smorgrav wrote:
> 
> > "Ilmar S. Habibulin" <ilmar@ints.ru> writes:
> > > Why mount option? Secure deletion is a feature of fs and impacts files of
> > > this on this fs. All of them. So why use mount option?
> > 
> > Because a mount option can be changed at runtime, whereas a kernel
> > option cannot. A mount option would allow you to enable the security
> > feature on file systems which need it but not on file systems which do
> > not need it, whereas a kernel option would enable it unconditionally
> > on all file systems.
> 
> I'd definaly agree that it should be done on an FS by FS bases, but it
> seems that a tunefs flag like softupdates might be more appropriate.  My
> reason for this is simply that if you forget to enable the option once and
> do any write operations to speak of, you will need to completly wipe the
> entire FS to ensure you actually destroy the old data.  Making it a tunefs
> option would mean that you couldn't forget.

Either tunefs or chflags - it would be relatively expensive, so if you
only need it for some data, it is probably better to have more
fine-grained control than per-FS.

Eivind.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990521201043.I85583>