On 2003-11-22 11:04 +0100, Dag-Erling Smørgrav <[EMAIL PROTECTED]> wrote:
> Stefan Eßer <[EMAIL PROTECTED]> writes:
> > I may be way off, but I do not think, that a special thread or
> > a cache flush after each block is required: [...]
>
> What happens if you yank the power cord?

Worst case: The same thing that happened if you lost power a fraction of a second earlier, just before the unlink or loss of last reference to the file ...

Nothing short of a self-destruct mechanism will do any better ;-)

(You could provide an internal UPS and try to prevent unauthorized access to hardware components by sealing the components in a special enclosure, but I guess we are getting carried away. Better protect against unauthorized access to the computer and have it emergency shutdown (with secure deletion of critical information) in case of a (physical :) access violation.)

Back to the subject of this thread:

You could write a special flag "needs to be securely removed" to the inode. That way, an interrupted overwrite process could be continued after next reboot (for example initiated by fsck). This is meant to protect against traces of sensitive data being left on the disk for a long time after a crash. But such an inode would also indicate to an attacker the disk blocks that were considered needing protection and may make an attack at the magnetic residue practical at all ...

But the real problem appears to be when to mark the blocks and inode as free. Normally, the blocks are returned to the free block map when an inode is invalidated.

File system blocks may not be reused before the overwrite procedure has completed. Again, this requires that the inode is only removed after the last file block has been processed. But I'm not sure whether there is a mechanism that allows invalidating the inode after the last associated buffer has been flushed ...

Regards, Stefan

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
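
The ordering discussed in the message above, as an added example that is not part of the original post and is not FreeBSD code: a toy in-memory model in which a hypothetical `secure_rm` inode flag lets an fsck-style pass resume an interrupted overwrite, and blocks return to the free map only after the last one has been processed. All names, the single zero pass and the sample file are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NBLK  8
#define BLKSZ 16
unsigned char disk[NBLK][BLKSZ];
int free_map[NBLK];                    /* 1 = block may be reallocated */

/* Toy model, not FreeBSD/UFS code. secure_rm is a hypothetical inode flag. */
struct inode { int valid, secure_rm, first, nblk; };  /* blocks first..first+nblk-1 */

/* Constructed sample: a 3-block file of 'S' bytes on blocks 2..4. */
void make_file(struct inode *ip) {
    *ip = (struct inode){ 1, 0, 2, 3 };
    memset(disk, 0, sizeof disk);
    for (int b = 0; b < NBLK; b++) free_map[b] = 1;
    for (int b = 2; b <= 4; b++) { free_map[b] = 0; memset(disk[b], 'S', BLKSZ); }
}

/* Returns 1 when done, 0 if "power was lost" before block index crash_after. */
int secure_unlink(struct inode *ip, int crash_after) {
    ip->secure_rm = 1;                          /* flag set before any overwrite */
    for (int i = 0; i < ip->nblk; i++) {
        if (i == crash_after) return 0;         /* simulated power loss */
        memset(disk[ip->first + i], 0, BLKSZ);  /* single zero pass, for brevity */
    }
    /* Only after the last block is processed: free blocks, drop the inode. */
    for (int i = 0; i < ip->nblk; i++) free_map[ip->first + i] = 1;
    ip->valid = ip->secure_rm = 0;
    return 1;
}

/* fsck-style pass after reboot: finish an interrupted secure removal. */
int fsck_resume(struct inode *ip) {
    return (ip->valid && ip->secure_rm) ? secure_unlink(ip, -1) : 0;
}

/* Blocks that are reusable yet still hold old data; must stay 0. */
int leaked_blocks(void) {
    int n = 0;
    for (int b = 0; b < NBLK; b++) n += free_map[b] && memchr(disk[b], 'S', BLKSZ);
    return n;
}

int main(void) {
    struct inode ip;
    make_file(&ip);
    int done = secure_unlink(&ip, 1), leaked = leaked_blocks();
    printf("crash: done=%d leaked=%d; fsck: done=%d\n", done, leaked, fsck_resume(&ip));
    return 0;
}
```

After the simulated crash the inode is still valid and flagged, so blocks 3 and 4 keep their old contents but cannot be handed to another file until the resume pass has finished.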