"secure" file flag?

StefanEßer se at FreeBSD.org
Sun Nov 23 04:15:12 PST 2003 

On 2003-11-23 00:16 -0800, Wes Peters <wes at softweyr.com> wrote:
> On Friday 21 November 2003 03:56 pm, Stefan Eßer wrote:
> > A simple algorithm could just mark each buffer with a special
> > kind of dirty flag and a counter for the pass number (in fact,
> > the existing dirty flag could be used, and a counter set to the
> > number of passes required, with 0 indicating that the buffer is
> > to be flushed to disk "as is" in the normal way).
> 
> Oh, but you're wrong, if you actually want to ERASE the data on the disk 
> platters.  That's why I've referred people to the obliterate program in 
> ports several times.  Read the references contained there, then come back 
> to this discussion.

This is rude!

It's been some time since I read the Gutmann paper, but I still remember 
the points he made and even quite a number of the details.

Either my (English) language skills are insufficient to make my point, 
or you just didn't read what I wrote. I thought it was obvious that 
if I'm talking of several passes, that each one writes specific data 
(either a complement of the original data, a suitable pattern or random 
data). 

What I'm suggesting is to have the obliteration implemented as an
add on to the dirty buffer flush, with the difference that the 
buffer contents is prepared for the next step of the erasure process,
written out, and then not declared free but again prepared for the
next overwrite pass. A counter is required to keep the required
state information for each individual buffer. AFAIK, there is no 
need to retain original data (or its complement) for the process,
so in fact all that is needed is a pass counter and the very simple
FA. There is no need for a special thread, and that was the point
I was trying to make.

Takling of obliterate: There is the patterns[] array and the "passno"
variable attached to a buffer could select one of those patterns on
each pass of the elevator. (Well, may be a seperate thread might be
better to prepare buffers by filling in the correct patterns at slightly 
reduced priority ...)

> If you just want to zero the blocks, that is a lot easier, but you're not 
> really protecting anything from anyone who can get their hands on the 
> disk.

Who is talking about just zeroing blocks ?
Please take the time to actually read the messages you reply to ...

Regards, STefan

More information about the freebsd-hackers mailing list