What happens during an unlink(2)
Barry Margolin
barmar at mit-eddie.MIT.EDU
Fri May 2 15:53:26 AEST 1986
In article <238 at chronon.chronon.UUCP> eric at chronon.UUCP (Eric Black) writes:
>Some unitory systems do, indeed, zero out disk blocks when de-allocated,
>and similarly clear memory when freed. Any system you sell to customers
>with concerns about security will require this. Check out DOD requirements
>for secure systems in the "Department of Defense Trusted Computer
>System Evaluation Criteria", publication CSC-STD-001-83 (my copy is
>dated March 1985) for this and other interesting features...
I don't have my copy of the Criteria handy, but I don't believe that it
requires zeroing of freed disk blocks (I'm pretty sure that we don't
zero freed disk blocks on Multics, and we are rated B2). What it
requires is that the old data not be accessible upon reuse. A freed
disk block will never be paged into memory, and when it is reused it
will be completely overwritten by the memory frame being paged out. And
an unused physical memory frame will be zeroed before being allocated
into the page table (but not if the frame is being allocated to hold a
disk page being read in).
Working from memory, I think the only requirement about zeroing has to
do with removable media. The system must be able to completely destroy
the data upon request. For example, we have a tape drive operation
(called "data security erase", I think) that overwrites every record of
the tape several times, to make sure that that no residual data can be
detected.
--
Barry Margolin
ARPA: barmar at MIT-Multics
UUCP: ..!genrad!mit-eddie!barmar
More information about the Comp.unix.wizards
mailing list