Mental Patient on Thu, 12 Sep 2002 19:20:14 +0200



Re: [PLUG] secure file deletion with journaling filesystems


Gregson Helledy wrote:

I like to have a way to securely delete files on computers I use.  On my Windows 98 machine at work, I have Eraser (http://www.iki.fi/st/eraser).  Linux (well, SuSE and Libranet) come with shred. However, a quick look at shred's man page warns that it's not useful on journaling filesystems.  This would include reiser, ext3, xfs, I guess all of them except ext2.

I'm pretty ignorant about filesystems; is it logically impossible to have secure deletion with a journaling filesystem, or is shred just not the tool for the job?

While we're on the topic:  is NTFS a journaling filesystem?

Greg Helledy




I've always wondered about the point of this.

I've always treated files as if they were eternal. Thus, sensitive data is encrypted, and there is no need to 'securely delete' it. If you can securely delete a file, it means you don't have backups (which may have the file also, so you'll need to audit all your backups), which is more risk than it's worth.

If you honestly think your data is that critical, and it very well may be, then you're probably better served with an encrypted filesystem than worrying about if rm worked or not. But that's just my 2 bits. Maybe I'm just not understanding the need properly. At work, my homedir had better be backed up regularly. So deleting a file doesn't mean much. At home, things are reasonably backed up, so deleting a file and then going back over all backups/burned CDs/whatever is more of a pain than it's worth. So, theory aside, I don't really quite get it.

If the file/data arrived via email, it'd be easier for a nefarious individual to intercept and dupe it than recover it, so things that come across the wire, in my mind, are public. If it's email/text I'm writing, I can always encrypt it before writing it to disk. *shrug* I dunno.

The fact that a filesystem is journaled shouldn't make deleting a file more difficult as far as I know. The point of the journal is to quickly restore the filesystem to a stable state in the event of a crash. Should your delete be interrupted part way through, I suppose your chances are about even with a non-journaled filesystem for completeness.
Then again, maybe I've missed the point entirely.


--
Mental (Mental@NeverLight.com)

This body. This body holding me. Be my reminder here that I am not alone in
This body, this body holding me, feeling eternal
All this pain is an illusion.


--Tool "Parabola"

CARPE NOCTEM, QUAM MINIMUM CREDULA POSTERO.

GPG public key: http://www.neverlight.com/pas/Mental.asc



