From: Stefan Eßer
To: Poul-Henning Kamp
Cc: Dag-Erling Smørgrav, freebsd-hackers@FreeBSD.org, Rayson Ho
Date: Mon, 24 Nov 2003 10:16:21 +0100
Subject: Re: "secure" file flag?
Message-ID: <20031124091621.GB1168@StefanEsser.FreeBSD.org>
In-Reply-To: <8799.1069607075@critter.freebsd.dk>

On 2003-11-23 18:04 +0100, Poul-Henning Kamp wrote:
> 1. Look for BIO_DELETE in the kernel.

Seems that BIO_DELETE isn't really supported anymore (according to a
comment in your GEOM sources ;-)

AFAICT, BIO_DELETE can't easily be made a long-running operation
(taking tens of revolutions of a disk media) without really hurting
performance because of assumptions that it will take about the same
time as BIO_WRITE ...

> 2. Use GBDE or other encryption.

Yes, probably. But encryption is only as good as key management and
secure storage (and deletion) of keys. How do you implement unattended
reboot, if you consider unauthorized (physical) access to your system
as one of the attack scenarios to protect against? (Not meaning that
secure erase would really solve that problem ...)

Regards, STefan