| From: | "asaba(dot)takanori(at)fujitsu(dot)com" <asaba(dot)takanori(at)fujitsu(dot)com> |
|---|---|
| To: | 'Kyotaro Horiguchi' <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | RE: Complete data erasure |
| Date: | 2020-01-17 08:29:15 |
| Message-ID: | OSBPR01MB47281753B36E2A25B1D1EAD48C310@OSBPR01MB4728.jpnprd01.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello, Horiguchi-san
Thank you for comment.
At Wed, 15 Jan 2020 03:46 +0000, "Kyotaro Horiguchi "<horikyota(dot)ntt(at)gmail(dot)com> wrote in
> shred(1) or wipe(1) doesn't seem to contribute to the objective on
> journaled or copy-on-write file systems. I'm not sure, but maybe the
> same can be true for read-modify-write devices like SSD. I'm not sure
> about SDelete, but anyway replacing unlink() with something like
> 'system("shred")' leads to siginificant performance degradation.
>
> man 1 wipe says (https://linux.die.net/man/1/wipe) : (shred has a
> similar note.)
>
> > NOTE ABOUT JOURNALING FILESYSTEMS AND SOME RECOMMENDATIONS
> (JUNE 2004)
> > Journaling filesystems (such as Ext3 or ReiserFS) are now being used
> > by default by most Linux distributions. No secure deletion program
> > that does filesystem-level calls can sanitize files on such
> > filesystems, because sensitive data and metadata can be written to the
> > journal, which cannot be readily accessed. Per-file secure deletion is
> > better implemented in the operating system.
shred can be used in certain modes of journaled file systems.
How about telling users that they must set the certain mode
if they set shred for erase_command in journaled file systems?
man 1 shred goes on like this:
> In the case of ext3 file systems, the above disclaimer applies (and shred is thus
> of limited effectiveness) only in data=journal mode, which journals file data in
> addition to just metadata. In both the data=ordered (default) and data=writeback
> modes, shred works as usual. Ext3 journaling modes can be changed by adding the
> data=something option to the mount options for a particular file system in the
> /etc/fstab file, as documented in the mount man page (man mount).
As shown above, shred works as usual in both the data=ordered (default) and data=writeback modes.
I think data=journal mode is not used in many cases because it degrades performance.
Therefore, I think it is enough to indicate that shred cannot be used in data=journal mode.
Regards,
--
Takanori Asaba
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yugo NAGATA | 2020-01-17 08:33:48 | Re: Incremental View Maintenance: ERROR: out of shared memory |
| Previous Message | Yugo NAGATA | 2020-01-17 08:21:18 | Re: Implementing Incremental View Maintenance |