Re: [Ext4 Secure Delete 7/7v4] ext4/jbd2: Secure Delete: Secure delete journal blocks
From: Eric Sandeen <hidden>
Date: 2011-10-07 19:54:39
Also in:
linux-fsdevel
On 10/7/11 1:35 PM, Darrick J. Wong wrote:
On Fri, Oct 07, 2011 at 12:11:05AM -0700, Allison Henderson wrote:
This patch modifies both ext4 and jbd2 such that the journal blocks which may contain file data are securely deleted after the file's data blocks are deleted. Because old journal blocks may contain file data, we need a way to find those blocks again when it comes time to secure delete the file. This patch adds a new list to the journal structure to keep track of which vfs blocks the journal blocks contain. After a truncate or a punch hole operation has completed, a new function ext4_secure_delete_jblks is called that flushes the journal, and then searches the list for any journal blocks that were used to journal the blocks that were just removed. The found journal blocks are then secure deleted.
And what about directory data? Those would appear to remain in the journal at least...

And xattrs?

#!/bin/bash

rm -f testsecdel
truncate --size 256m testsecdel
mkfs.ext4 -F testsecdel &>/dev/null
mount -o loop testsecdel mnt/
echo securedata > mnt/securefilename
setfattr -n user.securexattrname -v securexattrvalue mnt/securefilename
LONGATTR=`for I in 1 2 3 4 5 6 7 8 9 0; do echo -n veryveryveryveryveryveryverylongsecurexattrvalue; done`
setfattr -n user.longsecurexattrname -v $LONGATTR mnt/securefilename
sync
rm -f mnt/securefilename
umount mnt

strings testsecdel

yields:

/mnt/test2/mnt
lost+found
securexattrname
Ylongsecurexattrname
mselinux
veryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvalueveryveryveryveryveryveryverylongsecurexattrvaluesecurexattrvalueunconfined_u:object_r:file_t:s0
lost+found
securefilename
/mnt/test2/mnt

(this was with ext4.ko hacked to always enable secure delete)

-Eric
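
Added example (not part of the original message or of the patch series): a Python check that scans a filesystem image for the canary strings planted by the test script above and reports the byte offset and block number of each survivor, so the manual `strings` step can be asserted in a regression test. The 4096-byte block size, the function names and the constructed in-memory sample image are assumptions.

```python
import io
import sys

BLOCK_SIZE = 4096  # assumption: filesystem block size of the image under test
# Canary strings taken from the test script in the message above.
CANARIES = ["securedata", "securefilename", "securexattrname", "securexattrvalue"]


def find_residue(stream, canaries, block_size=BLOCK_SIZE, chunk=1 << 20):
    """Return sorted (canary, byte_offset, block_number) for every occurrence."""
    needles = [c.encode() for c in canaries]
    if not needles:
        return []
    # Carry the last len(longest)-1 bytes forward so a canary that
    # straddles two reads is still found.
    overlap = max(len(n) for n in needles) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of buf[0]
    while True:
        data = stream.read(chunk)
        if not data:
            break
        buf = tail + data
        for n in needles:
            pos = buf.find(n)
            while pos != -1:
                off = base + pos
                hits.add((n.decode(), off, off // block_size))
                pos = buf.find(n, pos + 1)
        keep = min(overlap, len(buf))
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep
    return sorted(hits, key=lambda h: (h[1], h[0]))


def build_sample():
    """Constructed 3-block image: one canary in block 0, one straddling blocks 1/2."""
    img = bytearray(3 * BLOCK_SIZE)
    img[100:114] = b"securefilename"
    img[8186:8202] = b"securexattrvalue"
    return bytes(img)


if __name__ == "__main__":
    # Pass an image path (e.g. testsecdel) or run with no argument on the sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_sample())
    with src:
        for name, off, blk in find_residue(src, CANARIES):
            print(f"residue: {name!r} at byte {off} (block {blk})")
```

An empty result is the pass condition for a secure-delete test; any hit gives the block to inspect to see whether it belongs to the journal, an xattr block or a directory block.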