Panic in ffs_valloc (Was: Unexpected SU+J inconsistency AGAIN -- please, don't shift topic to ZFS!)
Lev Serebryakov
lev at FreeBSD.org
Wed Mar 6 08:30:03 UTC 2013
Hello, Don.
You wrote on 6 March 2013, 12:23:23:
>> DL> When growing a file, the data *must* be written before writing the block
>> DL> pointer that points to it. If this ordering isn't obeyed, then a system
>> DL> crash that occurs between the block pointer write and the data write
>> DL> would result in the file containing whatever garbage was in the data
>> DL> block. That garbage could be the confidential contents of some other
>> DL> user's previously deleted file.
>> It is why confidential data should be zeroed-out before file deletion
>> :)
DL> Performance when deleting multi-gigabyte, low-value files would kind of
DL> suck if we did that ...
It should be an application-level decision. And user-level, really :)
Yes, I'm paranoid, and delete all sensitive data with special
software, which does several passes of writing zeroes, ones and
random garbage :)
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>