While there is an ext2 file attribute which sets "secure deletion" on a
per-file basis, it has never been implemented in the kernel. Several
reasons for this:
1) Deleting a file really securely takes more than just a single write
of zeros to the disk.
2) It would be a huge performance hit to overwrite a file the 15? or so
times (some random, some patterned data) to really securely delete a
file.
3) This is easily implemented in user-space, either by aliasing "rm" to
a new function, or actually putting in your own "rm" binary which
checks for the "S" attribute on ext2 files, and overwrites properly
it if it a file only has a single link. Then people can implement a
level of security they are comfortable with for their particular needs.
4) Anything that really needs to be secure should not be stored in an
insecure manner to begin with. It should only be written to disk
in encrypted form (see (a) and (b) above for why), and you also need
something like tmpfs + encrypted swap so that you don't get unencrypted
copies written to disk by mistake. Reasons for this are manyfold.
With enough money and technology it is nearly impossible to really
"delete" anything that was written to disk. If it gets written on
another part of the disk, you also have to scrub that (think /tmp or
swap for editing documents). If you make any backups of the disk,
you need to scrub the tapes for every deletion (while keeping copies
of all your other documents), very hard.
Cheers, Andreas
--
Andreas Dilger \ "If a man ate a pound of pasta and a pound of antipasto,
\ would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/ -- Dogbert
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/