Re: Secure deletion

Jeffrey B. Siegal (jbs@quiotix.com)
Thu, 23 Jul 1998 15:31:43 -0700


Richard B. Johnson wrote:

> Suppose you modified the 'C' runtime library so it could be recompiled with
> a switch that changes anything that 'removes' files to:
>
> stat the file (to get length);
> write the file with junk.
> close the file.
> sync the file-system.
> unlink the file.
> sync the file-system.
>

For one thing, it isn't atomic. If the length of the file increases after the
stat, the extra blocks won't be cleared. This could be detected by adding another
stat after the clearing (and a loop if necessary), but the length of the file could
temporarily increase, and then decrease. Only the kernel can do this atomically.

> The problem with doing this in the kernel is that any time anything
> removes a file, you have to flush buffers to disk to make sure that
> the new data gets to the physical media. This will slow the file-system
> to a crawl.

Remember, not every application is particularly performance sensitive. I'd be
willing to accept poor performance for increased security *for certain
applications*.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
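The recipe quoted above (stat, overwrite with junk, sync, unlink, sync) and the re-stat loop suggested in the reply, as an added example in C that is not code from either poster or from the kernel. It works on an open descriptor and uses fstat rather than stat-by-path, so a rename between the stat and the overwrite cannot redirect it; the unlink at the end is still by path, as in the recipe. The JUNK pattern, the single pass, the after_pass hook and the demo_growth_race function are this example's own assumptions: the hook exists only so the demo can play the concurrent writer that appends after the first pass, which the loop catches. The case the reply calls out, a file that grows and is truncated back between two fstat calls, is marked in the loop and is not handled, because nothing in userland can be.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define JUNK 0xA5  /* overwrite pattern (assumed); one pass, as in the recipe */

/* Overwrite bytes [off, off+len) of fd with JUNK, retrying short writes. */
static int fill_range(int fd, off_t off, off_t len)
{
    unsigned char junk[4096];
    memset(junk, JUNK, sizeof junk);
    while (len > 0) {
        size_t want = len < (off_t)sizeof junk ? (size_t)len : sizeof junk;
        ssize_t n = pwrite(fd, junk, want, off);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        off += n;
        len -= n;
    }
    return 0;
}

/* Overwrite, fsync, re-fstat, and overwrite again if the file grew meanwhile.
 * Returns the number of passes (0 for an empty file) or -1 on error.
 * after_pass is a hypothetical hook called once per pass (NULL to disable). */
int secure_overwrite(int fd, void (*after_pass)(void *), void *ctx)
{
    struct stat st;
    off_t cleared = 0;
    int passes = 0;
    for (;;) {
        if (fstat(fd, &st) < 0)
            return -1;
        /* Remaining hole: if the file grew past 'cleared' and was truncated
         * back before this fstat, those blocks were freed without ever being
         * overwritten. Only the kernel could close that window. */
        if (st.st_size <= cleared)
            break;
        if (fill_range(fd, cleared, st.st_size - cleared) < 0 || fsync(fd) < 0)
            return -1;
        cleared = st.st_size;
        passes++;
        if (after_pass)
            after_pass(ctx);
    }
    return passes;
}

/* fsync the parent directory so the unlink itself reaches the media. */
static int sync_parent_dir(const char *path)
{
    char dir[PATH_MAX] = ".";
    const char *slash = strrchr(path, '/');
    if (slash) {
        size_t n = slash == path ? 1 : (size_t)(slash - path);
        if (n >= sizeof dir) { errno = ENAMETOOLONG; return -1; }
        memcpy(dir, path, n);
        dir[n] = '\0';
    }
    int dfd = open(dir, O_RDONLY);
    if (dfd < 0)
        return -1;
    int rc = fsync(dfd);
    close(dfd);
    return rc;
}

/* stat, overwrite, close, sync, unlink, sync. Returns passes made or -1. */
int secure_unlink(const char *path)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    int passes = secure_overwrite(fd, NULL, NULL);
    close(fd);
    if (passes < 0 || unlink(path) < 0 || sync_parent_dir(path) < 0)
        return -1;
    return passes;
}

/* Stand-in for a concurrent writer: after pass one, append 10 plaintext
 * bytes through a second descriptor opened O_APPEND on the same file. */
struct appender { int fd; int calls; int err; };
static void append_once(void *ctx)
{
    struct appender *a = ctx;
    if (a->calls++ == 0 && write(a->fd, "MORESECRET", 10) != 10)
        a->err = 1;
}

/* Constructed demo: 19 secret bytes, then an append after the first pass.
 * Returns the pass count (2 here) if only JUNK remains on the file, -2 if any
 * plaintext byte survived, -1 on error. Removes the file when done. */
int demo_growth_race(const char *path)
{
    static const char secret[] = "top secret contents";
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    struct appender a = { open(path, O_WRONLY | O_APPEND), 0, 0 };
    if (a.fd < 0 || write(fd, secret, sizeof secret - 1) != (ssize_t)(sizeof secret - 1)) {
        close(fd); if (a.fd >= 0) close(a.fd); return -1;
    }
    int passes = secure_overwrite(fd, append_once, &a);
    close(a.fd);
    unsigned char buf[64];
    ssize_t n = pread(fd, buf, sizeof buf, 0);
    close(fd);
    unlink(path);
    if (passes < 0 || a.err || n < 0)
        return -1;
    for (ssize_t i = 0; i < n; i++)
        if (buf[i] != JUNK)
            return -2;
    return passes;
}
```

Two caveats beyond what the thread discusses: secure_unlink reports success only after the data fsync, the unlink and the directory fsync all succeed, since a failed sync means the junk may never have reached the media; and an in-place overwrite only helps where the filesystem and device actually write the same physical blocks, which journaling, copy-on-write and wear-levelling storage do not guarantee.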