[rsbac] About the Secure Delete Feature
ao at rsbac.org
Mon Mar 16 09:38:25 CET 2020
Am 10.03.20 um 13:01 schrieb Ahmed Alzhrani:
> I have the Secure Delete flag enabled for my RSBAC installation. I set the flag sec_del on a file to test that it is working.
> To my knowledge, there is no log message that confirms sec_del action by FF module, so I used a usb flash drive, created a file and flag it for sec_del and deleted it with rm command.
> I plugged the usb drive into another computer and was able to recover the deleted file using Recoverit Data Recovery tool (Windows).
> Now I am really confused! How do I make sure that the sec_del was called on the file? Also, if it did actually run, why was it easily recovered?
The RSBAC code writes 0 bytes over the file, but the journalling of most
modern filesystems and various optimizations can avoid the actual
overwrite on disk. The wipe(1) man page gives a good summary of the
problem. For testing, you can try on an ext2 or fat filesystem.
I will check the code soon, just to make sure that the overwrite gets
tried at least.
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac