Linux ext2 and ext3 file systems support adding additional
attributes to files. You do this with "chattr". The most common
attribute is "immutable", which prevents a file from being changed
or deleted, even by root (of course root can simply use chattr to
remove the immutable flag first). This can add additional protection
against buffer overflow and other privilege escalation attacks.
The man page for chattr talks of other attributes that are
supposed to be implemented someday, but it has been saying that for
quite a while now. Unfortunately, it gets more confusing. While "man
chattr" still says that the "s" (secure deletion) attribute isn't
supported, the Design and Implementation of the Second Extended
Filesystem page says that:
An attribute allows the users to request secure deletion
on files. When such a file is deleted, random data is written in
the disk blocks previously allocated to the file. This prevents
malicious people from gaining access to the previous content of the
file by using a disk editor.
But in fact it doesn't, at least not on my systems. Apparently
it was deliberately removed (from http://www.securityfocus.com/infocus/1407):
Although earlier kernels honored the 'secure deletion'
flag, during the development of the 1.3 series the developers
dropped the implementation of this property since it seemed to
provide at best only a trivial amount of additional security and at
worst a false sense of real security to users unfamiliar with the
inherent problems of any 'secure deletion' scheme.
The man page also says that the "c" (compression) attribute
doesn't work. You can, however, add that with the e2compr
patch. Note this 1998 mention of adding
it to the kernel.
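As an added example (not part of the original article), here is a small audit helper for the immutable attribute discussed above: it parses "lsattr -d" output for the 'i' (immutable) and 'a' (append-only) letters and reports which of the given files are not protected. It assumes e2fsprogs is installed; reading attributes with lsattr does not need root, only setting them with chattr does.

```shell
#!/bin/sh
# Audit helper for ext2/ext3 file attributes: report which files carry
# the 'i' (immutable) attribute by parsing "lsattr -d" output.
# lsattr prints one line per file, a flag field then the path, e.g.
#   ----i---------e------- /etc/resolv.conf
# The width of the flag field differs between e2fsprogs versions, so we
# test for the letter rather than a fixed column.

# attr_flags LINE -> prints the flag field (first word) of one lsattr line
attr_flags() {
    printf '%s\n' "$1" | awk '{print $1}'
}

# has_attr LETTER LINE -> exit 0 if LETTER appears in the flag field
# (e.g. has_attr i "$line" for immutable, has_attr a "$line" for append-only)
has_attr() {
    case "$(attr_flags "$2")" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_immutable FILE... -> one status line per file; returns non-zero
# if any file could not be read or is missing the 'i' attribute
audit_immutable() {
    rc=0
    for f in "$@"; do
        if ! line=$(lsattr -d -- "$f" 2>/dev/null); then
            echo "ERROR   $f (lsattr failed)"
            rc=1
            continue
        fi
        if has_attr i "$line"; then
            echo "OK      $f is immutable"
        else
            echo "MISSING $f is not immutable"
            rc=1
        fi
    done
    return $rc
}

# Usage, e.g. from a cron job that checks files you set with "chattr +i":
#   audit_immutable /etc/passwd /etc/shadow
```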
© 2011-07-06 Tony Lawrence