Date: Mon, 24 Nov 2003 09:52:25 +0100
From: Stefan Eßer
To: Dag-Erling Smørgrav
Cc: Rayson Ho, phk@freebsd.org, freebsd-hackers@freebsd.org
Message-ID: <20031124085225.GA1168@StefanEsser.FreeBSD.org>
Subject: Re: "secure" file flag?

On 2003-11-23 17:31 +0100, Dag-Erling Smørgrav wrote:
> Stefan Eßer writes:
> > What I'm suggesting is to have the obliteration implemented as an
> > add on to the dirty buffer flush, with the difference that the
> > buffer contents is prepared for the next step of the erasure process,
> > written out, and then not declared free but again prepared for the
> > next overwrite pass.
>
> This next pass won't be until thirty seconds later, so it'll take
> about half an hour to completely obliterate a file. Furthermore,

These 30 seconds are not a universal constant and ISTR. I had in
mind, that one obliteration pass is performed.
After each pass, a cache flush has to be performed, and the
next pass is performed immediately or only after a brief delay.

I see, that this may cause too many CPU cycles spent traversing
the buffer cache.

> unmounting a file system less than half an hour after a file is
> deleted or truncated will fail, and shutting down will most likely
> leave the file system unclean due to repeated failures to flush the
> dirty buffer list.

Yes, that's why I meant that fsck might be used to trigger the
restart of an erasure process that was not completed due to
shutdown or a crash. This does obviously no good in case that
somebody else got hold of your disk, meanwhile, but it covers
cases that are not dealt with by a user-land utility (which
would just be stopped halfway through when the system goes down).

Regards, STefan
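
The sequence discussed in this message (one overwrite pass, a cache flush, then the next pass, with a way to restart an erasure that was cut short) sketched as a user-land C routine. This is an added example, not code from the thread or from FreeBSD, and it does not implement the in-kernel buffer-cache design; the pattern list, `obliterate()` and its `next_pass`/`budget` parameters are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite patterns, one per pass (constructed for this example). */
static const unsigned char PATTERNS[] = { 0x00, 0xFF, 0xAA };
#define NPASSES ((int)sizeof(PATTERNS))

/* One pass: fill the whole file with `pat`, then flush it to the device. */
static int overwrite_pass(int fd, off_t size, unsigned char pat)
{
    unsigned char buf[4096];
    memset(buf, pat, sizeof(buf));
    if (lseek(fd, 0, SEEK_SET) < 0)
        return -1;
    for (off_t left = size; left > 0; ) {
        size_t n = left < (off_t)sizeof(buf) ? (size_t)left : sizeof(buf);
        ssize_t w = write(fd, buf, n);
        if (w <= 0)
            return -1;
        left -= w;
    }
    /* Without this flush the next pass could replace the dirty buffer in
     * the cache, and this pattern would never be written to the disk. */
    return fsync(fd);
}

/* Run at most `budget` passes from `next_pass` (hypothetical parameters).
 * Returns the next pass still to run (NPASSES when done), -1 on open error;
 * recording that value lets an interrupted erasure be restarted. */
int obliterate(const char *path, int next_pass, int budget)
{
    struct stat st;
    int fd = next_pass < 0 ? -1 : open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    for (; next_pass < NPASSES && budget > 0; next_pass++, budget--)
        if (overwrite_pass(fd, st.st_size, PATTERNS[next_pass]) < 0)
            break;          /* failed pass is not counted, so it is retried */
    close(fd);
    return next_pass;
}

int main(int argc, char **argv)
{
    return argc == 2 && obliterate(argv[1], 0, NPASSES) == NPASSES ? 0 : 1;
}
```

A utility like this only helps if the recorded pass index survives the shutdown, which is the gap the fsck-triggered restart in the message is meant to close.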