Re: Still no secure rm in pre2.0.4

Theodore Y. Ts'o (tytso@mit.edu)
Wed, 15 May 1996 18:45:15 -0400


> From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
> Date: Wed, 15 May 1996 21:36:28 +0200 (MET DST)
>
> I just noticed that pre2.0.4 still doesn't support the secure deletion
> feature of the ext2 filesystem (which is disabled due to bad interaction
> with shared mappings). Are there any plans to put it back in the kernel
> before the 2.0 release? Linus' comments in fs/ext2/truncate.c have
> some suggestions on how to implement this.

I doubt it, since that would be a pretty significant change, and I don't
think any of the ext2 developers have time just about now.

> Now that we have the kernel random number generator, it could be used
> here too, instead of the simple predictable one. If the random device
> is made a config option and it is disabled, we could simply fill the
> deleted disk blocks with zeros - if you are paranoid about such things,
> you probably have the random device enabled :-).

You don't need secure randomness for the purpose of overwriting files;
if you want to do more than a simple zeroization of the files, you need
to use very carefully constructed sets of patterns to really erase the
magnetic domains on the hard disk. These patterns are hardware
dependent, but there are some 15-32 pass patterns (!) which should work
for most hardware. It's really slow, though...

> A program to clear all unused space on a filesystem would be nice...

Well, all of the tools you need to write such a program are in the ext2
library. Someone just has to do it! :-)

- Ted
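
Added example, not part of the original message and not code from the ext2 library: a sketch of the "clear all unused space" program discussed above, doing the simple single zero pass. It reads the classic ext2 on-disk layout directly (32-byte group descriptors, no 64bit or uninit_bg features assumed); `zero_free_blocks`, `make_sample_image` and the 16-block image are constructed for illustration.

```python
import io
import struct

EXT2_MAGIC = 0xEF53
GD_SIZE = 32  # classic ext2 group descriptor size (assumption: no 64bit feature)

def zero_free_blocks(img):
    """Zero every block the block bitmaps mark free in an UNMOUNTED image; return the count."""
    img.seek(1024)                                         # primary superblock is at byte 1024
    sb = img.read(1024)
    (blocks_count,) = struct.unpack_from("<I", sb, 4)      # s_blocks_count
    first_data, log_bs = struct.unpack_from("<II", sb, 20) # s_first_data_block, s_log_block_size
    (per_group,) = struct.unpack_from("<I", sb, 32)        # s_blocks_per_group
    (magic,) = struct.unpack_from("<H", sb, 56)            # s_magic
    if magic != EXT2_MAGIC:
        raise ValueError("not an ext2 superblock")
    bs = 1024 << log_bs
    groups = -(-(blocks_count - first_data) // per_group)  # ceiling division
    zeroed = 0
    for g in range(groups):
        img.seek((first_data + 1) * bs + g * GD_SIZE)      # descriptor table follows the superblock
        (bitmap_blk,) = struct.unpack("<I", img.read(4))   # bg_block_bitmap
        img.seek(bitmap_blk * bs)
        bitmap = img.read(bs)
        base = first_data + g * per_group                  # block number of bit 0 in this group
        for i in range(min(per_group, blocks_count - base)):
            if not (bitmap[i >> 3] >> (i & 7)) & 1:        # bit clear = block unused
                img.seek((base + i) * bs)
                img.write(bytes(bs))
                zeroed += 1
    return zeroed

def make_sample_image():
    """Constructed 16-block image holding only the fields read above."""
    bs = 1024
    img = io.BytesIO(b"\xaa" * 16 * bs)                    # 0xAA stands in for stale data
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 4, 16)                      # 16 blocks in total
    struct.pack_into("<II", sb, 20, 1, 0)                  # first data block 1, 1 KiB blocks
    struct.pack_into("<I", sb, 32, 8192)                   # blocks per group
    struct.pack_into("<H", sb, 56, EXT2_MAGIC)
    img.seek(1 * bs)
    img.write(sb)
    img.seek(2 * bs)
    img.write(struct.pack("<I", 3).ljust(bs, b"\0"))       # group 0: bitmap lives in block 3
    img.seek(3 * bs)
    img.write(bytes([0b00011111]).ljust(bs, b"\0"))        # blocks 1-5 in use, 6-15 free
    return img
```

Point it at an image or device opened `r+b` only while the filesystem is unmounted, since the on-disk bitmaps can be stale while it is mounted.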