DragonFly bugs List (threaded) for 2009-09
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Simon 'corecode' Schubert wrote:
Likewise conventional tape archives - hence an admin issue more than architectural - and by no means a situation unique to Hammer [1].
However:
- given the manner in which Hammer operates, 'obliterate' style delete with multiple randomized overwrite at the relevant physical media storage locations wouldn't seem to get the job done, and/or could be highly impractical to apply over multi-generation history - most especially where networked / remote / removable media is involved - and is not under the thumb of [one of] the file owners....
In this respect, Hammer is a bit like the proverbial 'cautious' government clerk told to destroy certain files:
Naturally, he made a copy of each before burning, just to cover his a** ....
Sounds like a utility [ set] is needed?
ELSE - as always - end-lusers warned to privately encrypt their valuables as they go...
Best,
Bill Hacker
[1] *Any* storage media, especially incremental or 'layered' ones - sedimentary rock for example - is a potential source of recovery of historical information that the original owner might have wished kept private.
Think of the embarassment of the dinosaur outed 135 million years on ....as having been stupid enough to have mis-stepped and suffocated in a mudhole....
;-)
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: Hammer history security concern
| From: | Bill Hacker <wbh@xxxxxxxxxxxxx> |
| Date: | Wed, 09 Sep 2009 07:06:05 +0800 |
Simon 'corecode' Schubert wrote:
Hammer history mounts allow access to deleted files.
This can be an issue if you realized that this data should not have been available in the first place.
An alternate scenario is that group membership changed, and you don't want the new group members to have access to past data.
I think we should address this in some sort in the release. One way is to only allow the owner to access the snapshot, and ignore group/other permissions on snapshots. This is probably very inconvenient, especially for root owned system directories.
Another way would be to somehow combine current and past owner/flags, but this is probably hard to reason about.
cheers simon
Likewise conventional tape archives - hence an admin issue more than architectural - and by no means a situation unique to Hammer [1].
However:
- given the manner in which Hammer operates, 'obliterate' style delete with multiple randomized overwrite at the relevant physical media storage locations wouldn't seem to get the job done, and/or could be highly impractical to apply over multi-generation history - most especially where networked / remote / removable media is involved - and is not under the thumb of [one of] the file owners....
In this respect, Hammer is a bit like the proverbial 'cautious' government clerk told to destroy certain files:
Naturally, he made a copy of each before burning, just to cover his a** ....
Sounds like a utility [ set] is needed?
ELSE - as always - end-lusers warned to privately encrypt their valuables as they go...
Best,
Bill Hacker
[1] *Any* storage media, especially incremental or 'layered' ones - sedimentary rock for example - is a potential source of recovery of historical information that the original owner might have wished kept private.
Think of the embarassment of the dinosaur outed 135 million years on ....as having been stupid enough to have mis-stepped and suffocated in a mudhole....
;-)
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]