| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Feb 2015 16:45:12 +0100 From: Alexander Holler <holler@...oftware.de> To: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> CC: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 0/5] RFC: Offer a way for userspace to request real deletion of files Am 03.02.2015 um 16:15 schrieb One Thousand Gnomes: >> What's the answer? Easy and obvious, just (try to) overwrite the contents >> of a file by request from userspace. Filesystems do know where on the >> storage they have written the contents to, so why not just let them delete >> that stuff themself instead? It's almost unbelievable that this was not >> already done in the past 30 years. > > Easy, obvious and wrong 8) > > The last PC hard disks that were defined to do what you told them where > ST-506 MFM and RLL devices. IDE disks are basically 'disk emulators', > SSDs vastly more so. > > An IDE disk can do what it likes with your I/O so long as your requests > and returns are what the standard expects. So for example if you zero a > sector its perfectly entitled to set a bit in a master index of zeroed > sectors. You can't tell the difference and externally it looks like > an ST506 disc with extensions. Even simple devices may well move blocks > around to deal with bad blocks, or high usage spots to avoid having to > keep rewriting the tracks either side. > > An SSD internally has minimal relationship to a disc. If you have the > tools to write a file, write over it, discard it and then dump the flash > chips you'll probably find it's still there. > > If you plug a Raspberry Pi into a modern large hard disk, the chances are > the smarter end of the cable is the disk. Thanks for the explanations, also I was aware of all that. But I still hope some human sense on this list is still left and repeat it again: This feature isn't about military security. This feature isn't about military security. This feature isn't about military security. This feature isn't about military security. It's meant to make it impossible for most (ordinary) people to recover deleted contents. Including most black hats. Of course there might be some governments, companies or similiar organizations with are able to spend an unbelievable amount of resources to recover such stuff. Maybe even some mentalist might be able to recover it. What do I know? But I and most other people don't care for these use cases. They would be happy if at least the most trivial cases to recover deleted contents could be avoided. Regards, Alexander Holler -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists