Secure deletion and trash bin support
Secure deletion and trash bin support
Posted Dec 7, 2006 10:36 UTC (Thu) by nix (subscriber, #2304)Parent article: Secure deletion and trash bin support
My understanding was that the `undeletable' attribute led ext[23] to try to make the file easier to undelete: the opposite effect.
It's a rather bad name for an attribute, really :/
Posted Dec 7, 2006 10:36 UTC (Thu)
by nix (subscriber, #2304)
[Link]
Posted Dec 7, 2006 14:24 UTC (Thu)
by Robin.Hill (subscriber, #4385)
[Link] (1 responses)
The initial step in this proposal is the same for both attributes - the file is moved to a trash directory. The user process will then check these files and, for those with the secure deletion flag set, erase them. Those with the undeletable attribute set will just be left in the trash directory (presumably trying to set both attributes will produce an error somewhere!).
Posted Dec 8, 2006 0:54 UTC (Fri)
by nix (subscriber, #2304)
[Link]
(gah.)
The trash directory thing has all sorts of horrible potential problems,
I can see half a dozen ways to DoS the system with this alone, especially
Posted Dec 8, 2006 15:48 UTC (Fri)
by niallm (guest, #3923)
[Link]
Hm, actually, I think you may have been saying the same thing and I misread it. It really is *not* a very good name for an attribute...Secure deletion and trash bin support
Yes, the undeletable attribute means that the file can be undeleted. This is separate from the secure deletion attribute which means the file should be totally erased (and therefore not undeletable).Secure deletion and trash bin support
This is, of course, not to be confused with the immutable attribute, which Secure deletion and trash bin support
(among other effects) makes a file un-deletable.
though, particularly when group- or world-writable directories are
concerned. (World-writable isn't common outside of /tmp, but
group-writable is common.)
if users can set attributes on the trash directory such that users can ask
to move files in there but then don't have privileges to delete them from
there...
It's the difference between un-deleteable and undelete-able.Secure deletion and trash bin support