[rsbac] secure delete and journaling filesystems

Michael Chang miranda at ion.uranus.com
Sun Aug 24 16:28:35 MEST 2003

On Sun, 24 Aug 2003, Amon Ott wrote:

|> On Samstag, 23. August 2003 15:14, Josh Beagley wrote:
|> > With the majority of journaling filesystems, such as ext3 and XFS,
|> > combined with using rsbac secure delete, is there risk of data though to
|> > be "securely deleted" being recovered from the filesystem journal?
|> The secure_delete code in RSBAC fsyncs all data before it gets deleted. I 
|> expect the filesystems to honour the sync call correctly, but cannot tell for 
|> sure. Also, I do not know how the journal data is kept on disk.

See the man page for the `shred' utility that comes with the GNU fileutils
package.  This might shed some light on things.  A short snippit follows:

shred - delete a file securely, first overwriting it to hide its contents


CAUTION:  Note  that  shred relies on a very important assumption: that
the filesystem overwrites data in place.  This is the  traditional  way
to  do  things,  but many modern filesystem designs do not satisfy this
assumption.  The following are examples of filesystems on  which  shred
is not effective:

 * log-structured or journaled filesystems, such as those supplied with
   AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

 * filesystems that  write  redundant  data  and carry on even if some
   writes fail, such as RAID-based filesystems

 * filesystems that make snapshots, such as Network Appliance's NFS server

 * filesystems that cache in temporary locations, such as NFS version 3

 * compressed filesystems


Whether or not fsync syncs journalled data as well as the normal FS
buffers remains to be seen.  Probably best to ask the developers of
the filesystem that you're using.


* "Afraid of change, afraid of staying the same,
*  when temptation calls, we just look away."
*  - Barenaked Ladies
* "He started writing in mirror writing, 'Help! I'm
*  trapped behind the world.'"
*  - New York State Journal of Medicine
* Michael Chang
* miranda at uranus.com
* http://www.syndetic.org/

More information about the rsbac mailing list