tech-security archive


Re: GSoC 2011 project proposal [Implement file system flags to scrub data blocks before deletion]



On Wed, Apr 06, 2011 at 12:39:09AM +0000, Christos Zoulas wrote:
> 
> I think we really need to think a bit more about this. I don't think
> that modern disks require random data writes or many rewrites to eliminate
> the original data. Just zeroing out the blocks should do it. I also

There's certainly little point doing more than rm -P does.  Nor is there
any real advantage -- and there are some real disadvantages -- to using
random data from a hardware generator rather than a PRNG.

I think this project would end up touching many or most -- if not all --
the exact same code paths that TRIM support for SSDs would touch; and
I note there's a real issue with TRIM 'hiding' sectors without causing
them to read-back as all 0 when reallocated, on at least a few devices, so
when we do implement TRIM support, we may want some form of prezeroing
first.

Consequently, I think this project should be more generic -- that there
should be a set of flags, set by the filesystem when it schedules the
I/O, that cause the lower layers to do various things to the blocks in
question: zero them, do the 0xff-0x00-random dance, TRIM them, or
perhaps each in succession.

I agree the mount point is the right granularity for control of this.

Thor
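
The flag set proposed in the message above, sketched as an added example that is not part of the original message and is not NetBSD code. The flag names, `struct simdev`, `scrub_blocks` and `residue` are hypothetical, and the simulated TRIM only marks blocks unmapped, modelling the devices mentioned above that do not read back as all 0.

```c
/* Added illustration: hypothetical names, not NetBSD kernel interfaces. */
#include <stdint.h>
#include <stdlib.h>

#define BLKSZ 512
#define NBLK  8

/* Per-I/O scrub flags the filesystem would set when it frees blocks. */
#define SCRUB_ZERO    0x1  /* single pass of zeros */
#define SCRUB_PATTERN 0x2  /* 0xff, 0x00, then PRNG data */
#define SCRUB_TRIM    0x4  /* tell the device the blocks are unused */

/* Simulated device whose TRIM only unmaps: stale bytes stay on the media. */
struct simdev {
    uint8_t data[NBLK][BLKSZ];
    int     trimmed[NBLK];
};

/* One overwrite pass; byte < 0 selects PRNG output instead of a constant. */
static void pass(struct simdev *d, int blk, int n, int byte) {
    for (int b = blk; b < blk + n; b++)
        for (int i = 0; i < BLKSZ; i++)
            d->data[b][i] = (uint8_t)(byte < 0 ? rand() : byte);
}

/* Lower-layer dispatcher: overwrite passes first, TRIM always last, so a
 * device that leaves trimmed sectors readable exposes only scrubbed data. */
int scrub_blocks(struct simdev *d, int blk, int n, unsigned flags) {
    if (blk < 0 || n <= 0 || blk + n > NBLK)
        return -1;                      /* reject out-of-range requests */
    if (flags & SCRUB_PATTERN) {
        pass(d, blk, n, 0xff);
        pass(d, blk, n, 0x00);
        pass(d, blk, n, -1);
    }
    if (flags & SCRUB_ZERO)
        pass(d, blk, n, 0x00);
    if (flags & SCRUB_TRIM)
        for (int b = blk; b < blk + n; b++)
            d->trimmed[b] = 1;
    return 0;
}

/* Count the nonzero bytes a later owner of the block would read back. */
int residue(const struct simdev *d, int blk) {
    int c = 0;
    for (int i = 0; i < BLKSZ; i++)
        c += d->data[blk][i] != 0;
    return c;
}
```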

