Subject: Re: FFS reliability problems
To: None <firstname.lastname@example.org>
From: gabriel rosenkoetter <email@example.com>
Date: 06/07/2002 13:54:13
Content-Type: text/plain; charset=us-ascii
On Fri, Jun 07, 2002 at 12:50:57PM -0400, Gary Thorpe wrote:
> Just one question I think is important to the discussion: what about=20
> security? If it is possible to recover unlinked files, is there anyway to=
> guarantee that this information is NOT recoverable if the user wishes?
The thing to keep in mind is that this information is ALWAYS
recoverable (including grewolf's), it's just really expensive
(either in time, money, or both) to do so.
If you want it not to be recoverable, you really need to be using an
encrypted file system or overwriting the disk blocks for deleted
files (repeatedly, to avoid bleed-through).
In any case, the option greywolf wants (and I agree with) for fsck
wouldn't recover a file from a process that had successfully exited,
only one that still had its file handles open when the system
crashed. (If you're concerned about private keys and such, they
shouldn't *be* in a file to begin with, and they would have been
recoverable by an attacker who wants to get your keys by unplugging
your system and making off with it in a wide variety of other ways.
You should assume that if anyone evil has console access, you're
pretty much screwed already, this doesn't make that significantly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
-----END PGP SIGNATURE-----