Panic in ffs_valloc (Was: Unexpected SU+J inconsistency AGAIN -- please, don't shift topic to ZFS!)

Lev Serebryakov lev at FreeBSD.org
Wed Mar 6 08:30:03 UTC 2013


Hello, Don.
You wrote 6 марта 2013 г., 12:23:23:

>> DL> When growing a file, the data *must* be written before writing the block
>> DL> pointer that points to it.  If this ordering isn't obeyed, then a system
>> DL> crash that occurs between the block pointer write and the data write
>> DL> would result in the file containing whatever garbage was in the data
>> DL> block.  That garbage could be the confidential contents of some other
>> DL> user's previously deleted file.
>>  It  is why confidential data should be zeored-out before file deletion
>>  :)
DL> Performance when deleting multi-gigabyte, low-value files would kind of
DL> suck if we did that ...
 It  should  be  application-level decision. And user-level, really :)
 Yes,  I'm  paranoid,  and  delete  all  sensitive  data  with special
 software,  which  does  several  passes  of writing zeroes, ones and
 random garbage :)

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>



More information about the freebsd-fs mailing list