User: Password:
|
|
Subscribe / Log in / New account

Secure deletion and trash bin support

Secure deletion and trash bin support

Posted Dec 7, 2006 10:36 UTC (Thu) by nix (subscriber, #2304)
Parent article: Secure deletion and trash bin support

My understanding was that the `undeletable' attribute led ext[23] to try to make the file easier to undelete: the opposite effect.

It's a rather bad name for an attribute, really :/


(Log in to post comments)

Secure deletion and trash bin support

Posted Dec 7, 2006 10:36 UTC (Thu) by nix (subscriber, #2304) [Link]

Hm, actually, I think you may have been saying the same thing and I misread it. It really is *not* a very good name for an attribute...

Secure deletion and trash bin support

Posted Dec 7, 2006 14:24 UTC (Thu) by Robin.Hill (subscriber, #4385) [Link]

Yes, the undeletable attribute means that the file can be undeleted. This is separate from the secure deletion attribute which means the file should be totally erased (and therefore not undeletable).

The initial step in this proposal is the same for both attributes - the file is moved to a trash directory. The user process will then check these files and, for those with the secure deletion flag set, erase them. Those with the undeletable attribute set will just be left in the trash directory (presumably trying to set both attributes will produce an error somewhere!).

Secure deletion and trash bin support

Posted Dec 8, 2006 0:54 UTC (Fri) by nix (subscriber, #2304) [Link]

This is, of course, not to be confused with the immutable attribute, which
(among other effects) makes a file un-deletable.

(gah.)

The trash directory thing has all sorts of horrible potential problems,
though, particularly when group- or world-writable directories are
concerned. (World-writable isn't common outside of /tmp, but
group-writable is common.)

I can see half a dozen ways to DoS the system with this alone, especially
if users can set attributes on the trash directory such that users can ask
to move files in there but then don't have privileges to delete them from
there...

Secure deletion and trash bin support

Posted Dec 8, 2006 15:48 UTC (Fri) by niallm (subscriber, #3923) [Link]

It's the difference between un-deleteable and undelete-able.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds