[rsbac] About the Secure Delete Feature

Amon Ott ao at rsbac.org
Tue Mar 31 13:02:55 CEST 2020


Am 16.03.20 um 09:38 schrieb Amon Ott:
> Am 10.03.20 um 13:01 schrieb Ahmed Alzhrani:
>> I have the Secure Delete flag enabled for my RSBAC installation. I set the flag sec_del on a file to test that it is working. 
>> To my knowledge, there is no log message that confirms sec_del action by FF module, so I used a usb flash drive, created a file and flag it for sec_del and deleted it with rm command.
>> I plugged the usb drive into another computer and was able to recover the deleted file using Recoverit Data Recovery tool (Windows).
>> Now I am really confused! How do I make sure that the sec_del was called on the file? Also, if it did actually run, why was it easily recovered?
> 
> The RSBAC code writes 0 bytes over the file, but the journalling of most
> modern filesystems and various optimizations can avoid the actual
> overwrite on disk. The wipe(1) man page gives a good summary of the
> problem. For testing, you can try on an ext2 or fat filesystem.
> 
> I will check the code soon, just to make sure that the overwrite gets
> tried at least.

The ext4 (and thus ext3) interception for secure delete has been
misplaced at merging some versions ago, so it could not work.

Unfortunately, I have not been able to reenable security delete for ext4
without kernel traces or even lockups - the code needs to be placed too
deeply into the delete functionality, where locks have already been
taken. So there is not going to be ext4 secure delete by RSBAC in the
near future, I might even remove this now obsolete functionality some
day soon.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


More information about the rsbac mailing list