[sclug] Clearing out file system dead space, was: I have an idea

Dickon Hood dickon-ml at fluff.org
Mon Apr 27 13:51:01 UTC 2009


On Sun, Apr 26, 2009 at 22:25:42 +0000, Ed Davies wrote:

: Indeed, I do have the relevant projects on encrypted
: partitions.  Still, it would be nice to be sure that any
: files which have found their way on to my main partitions
: (e.g., temporary files) which have since been deleted are
: really gone.

Mount /var/tmp and /tmp as tmpfs, with crypto block devices with keys
generated at boot providing the backing.  This isn't particularly hard to
do, and protects against things like that.

: It's not a big deal - I just thought there might, in some
: cases, be an easier solution to Neil's original question.

Actually, the question isn't as simple as you'd think, and requires some
support from the filesystem to implement properly.  If, say, you have a
copy-on-write filesystem (such as WAFL (NetApp's filesystem) or ZFS
(Solaris)), merely writing over the blocks isn't going to help, as fresh
ones will be allocated for the write; techniques like this allow for
snapshots to be taken, reasonably trivially.

Similarly, if your more traditional filesystem is backed by a SAN
filestore of some sort, there's a good chance that it might be doing the
same thing: a common technique to back up SAN-backed filesystems is to get
the SAN to snapshot, then mount that snapshot read-only, and back up from
there.

I *think* I'm right in saying that ext4 can commit data to its journal,
and not commit the journal if the object written to is subsequently
deleted.  There are lots of similar holes.

Securely deleting data isn't trivial.

-- 
Dickon Hood

Due to digital rights management, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

No virus was found in this outgoing message as I didn't bother looking.
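
Added example, not part of the message above or of any project it mentions: a Python check that looks up which mounted filesystem holds a path and reports whether overwriting the file in place can be expected to reach the old blocks, covering the copy-on-write, journalled and tmpfs cases the message raises. The function names, the filesystem-type sets and the sample mount table are assumptions made for this illustration.

```python
import os

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
rpool/home /home zfs rw,xattr 0 0
/dev/sdb1 /srv/db ext4 rw,data=journal 0 0
filer:/vol/proj /mnt/proj nfs4 rw,vers=4.1 0 0
"""

# Copy-on-write or log-structured types: a write lands in fresh blocks.
COW_TYPES = {"zfs", "btrfs", "nilfs2", "f2fs"}
REMOTE_TYPES = {"nfs", "nfs4", "cifs"}  # the server decides block placement

def parse_mounts(text):
    """Return (mountpoint, fstype, options) for each /proc/mounts line."""
    rows = [line.split() for line in text.splitlines()]
    # The kernel escapes spaces in mount points as \040.
    return [(f[1].replace("\\040", " "), f[2], set(f[3].split(",")))
            for f in rows if len(f) >= 4]

def find_mount(path, mounts):
    """Longest mount point containing path; a later entry wins a tie."""
    path = os.path.normpath(path)
    best = None
    for entry in mounts:
        mp = entry[0].rstrip("/")  # "/" becomes "", which prefixes everything
        if (path == mp or path.startswith(mp + "/")) and (
                best is None or len(mp) >= len(best[0].rstrip("/"))):
            best = entry
    return best

def overwrite_verdict(path, mounts):
    """Say whether overwriting path in place can be expected to hit the old blocks."""
    _, fstype, opts = find_mount(path, mounts)
    if fstype == "tmpfs":
        return fstype, "memory-backed: nothing on disk unless paged to swap"
    if fstype in COW_TYPES:
        return fstype, "unreliable: fresh blocks are allocated for the write"
    if fstype in REMOTE_TYPES:
        return fstype, "unknown: depends on the server's filesystem"
    if fstype in ("ext3", "ext4") and "data=journal" in opts:
        return fstype, "unreliable: a copy of the data goes through the journal"
    return fstype, "plausible at this layer; a SAN or volume manager may still snapshot"

if __name__ == "__main__":
    for p in ("/home/ed/notes.txt", "/tmp/scratch", "/srv/db/t.dat", "/etc/hosts"):
        print(p, *overwrite_verdict(p, parse_mounts(SAMPLE_MOUNTS)))
```

On a live Linux system the same functions can be fed the contents of /proc/mounts instead of the sample table.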


