From owner-freebsd-security Sat May 22 9: 1:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248])
    by hub.freebsd.org (Postfix) with ESMTP id 9556F14C2F
    for ; Sat, 22 May 1999 09:01:49 -0700 (PDT)
    (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT]))
    id JAA29860; Sat, 22 May 1999 09:01:14 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
    id JAA26984; Sat, 22 May 1999 09:01:14 -0700
Received: from softweyr.com ([204.68.178.39]) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
    id AA03396; Sat, 22 May 99 09:01:10 PDT
Message-Id: <3746D4C6.4A284FE0@softweyr.com>
Date: Sat, 22 May 1999 10:01:10 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Warner Losh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: secure deletion
References: <199905220836.CAA02030@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh wrote:
>
> In message "Ilmar S. Habibulin" writes:
> : On 21 May 1999, Dag-Erling Smorgrav wrote:
> :
> : > Because a mount option can be changed at runtime, whereas a kernel
> : > option cannot. A mount option would allow you to enable the security
> : > feature on file systems which need it but not on file systems which do
> : > not need it, whereas a kernel option would enable it unconditionally
> : > on all file systems.
> : And what about it? I just don't understand why this option must be
> : fs-specific. If a file has no flag, it would be deleted in the ordinary way.
>
> I think that what people are saying, if I understand them correctly,
> is that it would be desirable if an entire file system could be told
> to do the shredding delete. This would make it useful for a
> filesystem mounted on /tmp, for example.

If you're really concerned about security, you'll want this enabled on
swap spaces, too, just in case sensitive data got swapped to disk. You
can't avoid having it on disk while the page is active, but certainly
want it securely erased when the page is no longer in use.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                        Softweyr LLC
http://www.softweyr.com/~softweyr                 wes@softweyr.com