Re: preventing undeleting on ext2?

Andi Kleen (andi@mlm.extern.lrz-muenchen.de)
04 Jan 1997 05:07:33 +0100


"Stephan K. Zitz" <zitz@io.com> writes:

> On Fri, 3 Jan 1997, Andrew E. Mileski wrote:
>
> > > It used to be possible to prevent undelete by deleting a file,
> > > overwriting it byte for byte, and deleting that file. But it seems that this
> > > no longer works under the newer kernels. How could one be prevented from
> > > undeleting files under the newer kernels? Any info would be greatly
> > > appreciated. Thanks.
> > I'd be amazed if that ever worked.
> > You have to over-write the file, and sync, _before_ you unlink it.
> > You can hold a file open THEN unlink it though - this will prevent
> > anyone else from opening the file while it is being over-written.
> > As long as a file is held open, its data is kept intact after an unlink.
>
> I'm not sure of the status of it, but didn't the attribute 's' (see
> chattr(1)) accomplish this?
>
> ie,
> chattr +s filename

It used to work, but in 2.0.x kernels I find this in linux/fs/ext2/truncate.c:

/*
 * Secure deletion currently doesn't work. It interacts very badly
 * with buffers shared with memory mappings, and for that reason
 * can't be done in the truncate() routines. It should instead be
 * done separately in "release()" before calling the truncate routines
 * that will release the actual file blocks.
 *
 * Linus
 */

and the relevant code is commented out.

-Andi
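
The sequence described in the quoted reply above (overwrite in place, sync, then unlink, or unlink first while holding the file open), as an added example that is not part of the original message. wipe_file() and its unlink_first flag are hypothetical names, and the code assumes a filesystem that rewrites data blocks in place, as ext2 does:

```c
/* Added example: overwrite a file in place, sync, and unlink it.
 * wipe_file() and unlink_first are hypothetical names.
 * Assumes the filesystem rewrites data blocks in place (as ext2 does). */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 on success, -1 on error. */
int wipe_file(const char *path, int unlink_first)
{
    char zeros[4096];
    struct stat st;
    off_t left;
    int fd = open(path, O_WRONLY);      /* no O_TRUNC: keep the blocks */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))
        goto fail;
    /* Optional: drop the name first so nobody else can open the file;
     * the data stays intact while we hold the descriptor. */
    if (unlink_first && unlink(path) < 0)
        goto fail;

    memset(zeros, 0, sizeof zeros);
    for (left = st.st_size; left > 0; ) {
        size_t chunk = left < (off_t)sizeof zeros ? (size_t)left : sizeof zeros;
        ssize_t n = write(fd, zeros, chunk);
        if (n <= 0)
            goto fail;
        left -= n;
    }
    if (fsync(fd) < 0)                  /* force the zeros to disk */
        goto fail;
    if (!unlink_first && unlink(path) < 0)
        goto fail;
    return close(fd);
fail:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    return argc == 2 && wipe_file(argv[1], 0) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```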