Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: Bill Davidsen
Date: Wed Feb 04 2004 - 18:55:17 EST

Next message: Nick Warne: "2.6.2 stable"
Previous message: Andrew Morton: "Re: kgdb support in vanilla 2.6.2"
In reply to: Valdis . Kletnieks: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Next in thread: the grugq: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis.Kletnieks@xxxxxx wrote:

On Wed, 04 Feb 2004 12:05:07 EST, Bill Davidsen said:

It would be useful to have this as a directory option, so that all files in directory would be protected. I think wherever you do it you have to prevent hard links, so that unlink really removes the data.

This of course implies that 'chattr +s' (or whatever it was) has to fail
if the link count isn't exactly one.

Do you disagree that the count does need to be one?

Also makes for lots of uglyiness
if it's a directory option - you then have to walk all the entries in the
directory and check *their* link counts. Bad Juju doing it in the kernel
if you have a directory with a million entries - and racy as hell if you
do it in userspace.

I agree with everything you said, "useful" doesn't always map to "easy." But if you agree that the count needs to be one on files, then you could also fail if you tried to add it to a directory which was not empty.

In case I didn't make it clear, the use I was considering was to create a single directory in which created files would really go away when deleted. I hadn't considered doing it after files were present, what you say about overhead is clearly an issue. I think I could even envision some bizarre race conditions if the kernel had to do marking of each file, so perhaps it's impractical.

But what happens when the 'setgid' bit is put on a directory? At least in 2.4 existing files do NOT get the group set, only files newly created. So unless someone feels that's a bug which needs immediate fixing, I can point to it as a model by which the feature could be practically implemented.

Comment?

--
bill davidsen <davidsen@xxxxxxx>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nick Warne: "2.6.2 stable"
Previous message: Andrew Morton: "Re: kgdb support in vanilla 2.6.2"
In reply to: Valdis . Kletnieks: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Next in thread: the grugq: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]