unreliable on operating systems with a write cache, cannot work on COW filesystems #2
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
skrubappears to write to the file in streaming mode, without any attempt to synchronize data (fsync()). This means that any operating system with a worthwhile implementation of write caching is likely to write the zeroes into its write cache, make a note to write the "dirty" data from the write-cache back to disk at a later time, and report success.skrubresponds to this apparent success by deleting the file, at which point it is valid for the operating system to discard the dirty data from the write cache without it ever reaching the disk. Instead of fixing this, I would strongly recommend using an existing OS-specific tool such asshredorwipewhich gets the OS-specific details right (to the extent that this is even possible on modern hardware and filesystems).skruband analogous tools such asshredandwipealso cannot possibly work on copy-on-write filesystems such as btrfs, even on hardware where traditional "secure deletion" would have worked, due to the way these filesystems are structured.A better approach to data confidentiality is to use whole-disk encryption such as Linux LUKS or Windows BitLocker, and/or avoid having secrets ever reach the disk at all.
The text was updated successfully, but these errors were encountered: