Would it be beyond the scope of the grsecurity project to implement a secure delete method that you could apply to directory subjects in the acl? For example you create a subject flag D and any acl that matches this subject flag will perform a more secure delete rather than a simple unlink. I think RSBAC implements something like this and appears to be a great feature!
This would be very useful to people who wish to wipe certain areas of the partition or anywhere on the partition. There are solutions out there now that are replacements for rm and such, however this doesnt cover the multitude of programming languages that have their own unlinks. Thus the best place to do this would be via the kernel.
Thanks
-TGK
feature request (secure file deletion)
2 posts
• Page 1 of 1
feature request (secure file deletion)
by TGKx » Sat Mar 01, 2003 3:06 pm
- TGKx
- Posts: 50
- Joined: Wed Feb 19, 2003 4:39 am
by spender » Sat Mar 01, 2003 11:21 pm
I recall looking into this before, and I think I found out that it's impossible to do at the vfs layer, since you can't simply overwrite the file that already exists with zeroes, as you're not guaranteed where the filesystem will actually write the data, thus you could still end up with some places on the disk containing the data you thought you "securely deleted"
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
2 posts
• Page 1 of 1