Not to add a cold blanket to this...
This would be mostly a "vanity erase" not really a serious "security
erase" since it will not over write the remnants of remapped sectors.
Serious security erase software will unmap sectors and erase both
locations using special microcode features. While getting access to
these remnants may be considered exotic measures, it is becoming less
so with the plenitude vendor specific microcode features, and the
number of data recovery organizations that use spin stands. Sectors
can be remapped without the data being completely bad. It may still
be readable with recoverable errors in the drive.
Jim
On Dec 20, 2006, at 1:41 AM, Darren J Moffat wrote:
Bill Sommerfeld wrote:
There also may be a reason to do this when confidentiality isn't
required: as a sparse provisioning hack..
If you were to build a zfs pool out of compressed zvols backed by
another pool, then it would be very convenient if you could run in a
mode where freed blocks were overwritten by zeros when they were
freed,
because this would permit the underlying compressed zvol to free
*its*
blocks.
A very interesting observation. Particularly given that I have
just created such a configuration - with iSCSI in the "middle".
--
Darren J Moffat
_______________________________________________
security-discuss mailing list
[EMAIL PROTECTED]
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
