"secure" file flag?
Stefan Eßer
se at FreeBSD.org
Mon Nov 24 00:52:30 PST 2003
On 2003-11-23 17:31 +0100, Dag-Erling Smørgrav <des at des.no> wrote:
> Stefan Eßer <se at FreeBSD.org> writes:
> > What I'm suggesting is to have the obliteration implemented as an
> > add on to the dirty buffer flush, with the difference that the
> > buffer contents is prepared for the next step of the erasure process,
> > written out, and then not declared free but again prepared for the
> > next overwrite pass.
>
> This next pass won't be until thirty seconds later, so it'll take
> about half an hour to completely obliterate a file. Furthermore,
These 30 seconds are not a universal constant and ISTR.
I had in mind that one obliteration pass is performed.
After each pass, a cache flush has to be performed, and the
next pass is performed immediately or only after a brief delay.
I see that this may cause too many CPU cycles spent traversing
the buffer cache.
> unmounting a file system less than half an hour after a file is
> deleted or truncated will fail, and shutting down will most likely
> leave the file system unclean due to repeated failures to flush the
> dirty buffer list.
Yes, that's why I meant that fsck might be used to trigger the
restart of an erasure process that was not completed due to
shutdown or a crash. This does obviously no good in case that
somebody else got hold of your disk, meanwhile, but it covers
cases that are not dealt with by a user-land utility (which
would just be stopped halfway through when the system goes down).
Regards, Stefan