Linux ext2 and ext3 file systems support adding extra attributes to files. You do this with "chattr". The most common attribute is "immutable", which prevents a file from being changed or deleted, even by root (of course root can simply use chattr to remove the immutable flag). This can add additional protection against buffer overflow and other security escalation attacks.

The man page for chattr talks of other attributes that are supposed to be implemented someday, but it has been saying so for quite a while now. Unfortunately, it gets more confusing. While "man chattr" still says that the "-s" (secure deletion) flag isn't supported, the Design and Implementation of the Second Extended Filesystem page says that it is:

An attribute allows the users to request secure deletion on files. When such a file is deleted, random data is written in the disk blocks previously allocated to the file. This prevents malicious people from gaining access to the previous content of the file by using a disk editor.

But in fact it doesn't, at least not on my systems. Apparently it was deliberately removed (from

Although earlier kernels honored the 'secure deletion' flag, during the development of the 1.3 series the developers dropped the implementation of this property since it seemed to provide at best only a trivial amount of additional security and at worst a false sense of real security to users unfamiliar with the inherent problems of any 'secure deletion' scheme.

The man page also says that the -c (compression) attribute doesn't work. You can, however, add that with the e2compr patch. Note this 1998 mention of adding it to the kernel.
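A way to audit these attributes from a script, as an added example that is not from the original article: it reads a file's inode flags with the FS_IOC_GETFLAGS ioctl (the same data lsattr shows), reports files that lack the immutable flag, and points out "s" or "c" flags that are set but, per the article, give no protection on a stock kernel. The function names `decode`, `read_flags` and `audit` are hypothetical; the flag bits are the ones defined in `<linux/fs.h>`.

```python
import fcntl
import os
import struct
import sys

# _IOR('f', 1, long): the request number encodes sizeof(long), but the kernel
# stores an int, so a 4-byte buffer is used for the result.
FS_IOC_GETFLAGS = 0x80086601 if struct.calcsize("l") == 8 else 0x80046601

# Flag bits from <linux/fs.h> with the letters chattr and lsattr use.
FLAGS = [
    (0x01, "s", "secure deletion"),
    (0x04, "c", "compression"),
    (0x10, "i", "immutable"),
    (0x20, "a", "append-only"),
]
# Attributes the article reports as settable but not acted on by a stock kernel.
NOT_HONORED = {"s", "c"}

def decode(flags):
    """Return the attribute letters set in a raw flags word."""
    return "".join(letter for bit, letter, _ in FLAGS if flags & bit)

def read_flags(path):
    """Return the inode flags of path, or None if they cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, struct.pack("i", 0))
        return struct.unpack("i", raw)[0]
    except OSError:  # filesystem without inode flags
        return None
    finally:
        os.close(fd)

def audit(path, flags):
    """List findings for a file that is expected to be immutable."""
    found = [] if flags & 0x10 else [f"{path}: immutable flag not set"]
    for bit, letter, name in FLAGS:
        if letter in NOT_HONORED and flags & bit:
            found.append(f"{path}: '{letter}' ({name}) set, no protection")
    return found

if __name__ == "__main__":
    for p in sys.argv[1:]:
        f = read_flags(p)
        print(f"{p}: flags unavailable" if f is None
              else "\n".join(audit(p, f)) or f"{p}: ok")
```

Run it with the paths you expect to be immutable as arguments; reading the flags does not require root.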


© Tony Lawrence
