lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54D0ED08.1010405@ahsoftware.de>
Date:	Tue, 03 Feb 2015 16:45:12 +0100
From:	Alexander Holler <holler@...oftware.de>
To:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
CC:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/5] RFC: Offer a way for userspace to request real deletion
 of files

Am 03.02.2015 um 16:15 schrieb One Thousand Gnomes:
>> What's the answer? Easy and obvious, just (try to) overwrite the contents
>> of a file by request from userspace. Filesystems do know where on the
>> storage they have written the contents to, so why not just let them delete
>> that stuff themself instead? It's almost unbelievable that this was not
>> already done in the past 30 years.
>
> Easy, obvious and wrong 8)
>
> The last PC hard disks that were defined to do what you told them where
> ST-506 MFM and RLL devices. IDE disks are basically 'disk emulators',
> SSDs vastly more so.
>
> An IDE disk can do what it likes with your I/O so long as your requests
> and returns are what the standard expects. So for example if you zero a
> sector its perfectly entitled to set a bit in a master index of zeroed
> sectors. You can't tell the difference and externally it looks like
> an ST506 disc with extensions. Even simple devices may well move blocks
> around to deal with bad blocks, or high usage spots to avoid having to
> keep rewriting the tracks either side.
>
> An SSD internally has minimal relationship to a disc. If you have the
> tools to write a file, write over it, discard it and then dump the flash
> chips you'll probably find it's still there.
>
> If you plug a Raspberry Pi into a modern large hard disk, the chances are
> the smarter end of the cable is the disk.

Thanks for the explanations, also I was aware of all that. But I still 
hope some human sense on this list is still left and repeat it again:

This feature isn't about military security.
This feature isn't about military security.
This feature isn't about military security.
This feature isn't about military security.

It's meant to make it impossible for most (ordinary) people to recover 
deleted contents. Including most black hats. Of course there might be 
some governments, companies or similiar organizations with are able to 
spend an unbelievable amount of resources to recover such stuff. Maybe 
even some mentalist might be able to recover it. What do I know? But I 
and most other people don't care for these use cases. They would be 
happy if at least the most trivial cases to recover deleted contents 
could be avoided.

Regards,

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ