tls e9e0ca4155 Change behaviour of -P option to conform generally to DoD 5220.22-M
standard.  This change inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3.  However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard.  To quote the manual page:

     The -P option attempts to conform to U.S. DoD 5220-22.M, "National Indus-
     trial Security Program Operating Manual" ("NISPOM") as updated by Change
     2 and the July 23, 2003 "Clearing & Sanitization Matrix".  However,
     unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
     which make it clear that the standard does not and can not apply to the
     erasure of individual files, in particular requirements relating to spare
     sector management for an entire magnetic disk.  Because these
     requirements are not met, the -P option does not conform to the standard.

This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write.  Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters.  Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.

This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
2004-01-11 02:04:05 +00:00
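
The pass sequence described in the commit message above, as an added C example (not NetBSD's rm source and not part of the commit). The names `overwrite_file`, `wpass` and `rnd` are hypothetical, and the code assumes a small regular file that fits in memory and a readable `/dev/urandom`.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_RSYNC
#define O_RSYNC 0   /* not defined on every platform */
#endif

/* Hypothetical helper: fill buf with n random bytes; 0 on success. */
static int rnd(unsigned char *buf, size_t n) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, n);
    close(fd);
    return r == (ssize_t)n ? 0 : -1;
}

/* Hypothetical helper: one pass, write len bytes at offset 0, then sync(). */
static int wpass(int fd, const unsigned char *buf, size_t len) {
    if (pwrite(fd, buf, len, 0) != (ssize_t)len) return -1;
    sync();   /* the commit calls sync() after every operation */
    return 0;
}

/* Returns 0 on success, -1 on I/O error, -2 if the 0x00 pass fails to verify. */
int overwrite_file(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_SYNC | O_RSYNC), rc = -1;
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || st.st_size <= 0) { close(fd); return -1; }
    size_t len = (size_t)st.st_size;
    unsigned char *buf = malloc(len), *chk = malloc(len), c;
    if (!buf || !chk || rnd(&c, 1) < 0) goto out;
    memset(buf, c, len);    if (wpass(fd, buf, len) < 0) goto out; /* random char */
    memset(buf, 0xff, len); if (wpass(fd, buf, len) < 0) goto out; /* 0xff */
    memset(buf, 0x00, len); if (wpass(fd, buf, len) < 0) goto out; /* 0x00 */
    if (pread(fd, chk, len, 0) != (ssize_t)len) goto out;   /* read back zeros */
    sync();
    if (memcmp(buf, chk, len) != 0) { rc = -2; goto out; }
    if (rnd(buf, len) < 0 || wpass(fd, buf, len) < 0) goto out;  /* random data */
    rc = 0;
out:
    free(buf); free(chk); close(fd);
    return rc;
}
```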
bin Change behaviour of -P option to conform generally to DoD 5220.22-M 2004-01-11 02:04:05 +00:00
contrib/sys Synchronize with FreeBSD: 2003-12-16 06:48:08 +00:00
crypto Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no) 2003-12-11 09:46:26 +00:00
dist Don't bother complaining about "no IPv6 interfaces" or "no IPv4 interfaces" 2003-12-20 17:38:19 +00:00
distrib + x set lists for mac68k 2004-01-10 13:43:56 +00:00
doc file-4.07 is out. 2004-01-10 23:04:56 +00:00
etc /dev/grf? on x68k must not be accessed without the root privilege. 2004-01-10 07:17:08 +00:00
games Use PROG_CXX so we don't need to include -lstdc++ explicitly. From Nick Hudson. 2004-01-05 15:35:59 +00:00
gnu PR/24021: Greg Troxel: cvs(1) doesn't work with mode 770 repositories for 2004-01-08 17:51:33 +00:00
include - libc.so.12.109 and libpthread.so.0.4 2004-01-02 18:56:39 +00:00
lib - add deadlock check to pthread_rwlock_wrlock and pthread_rwlock_timedwrlock 2004-01-09 18:08:28 +00:00
libexec Remove duplicated headers. Pointed out by Peter Postma in PR bin/24002. 2004-01-06 14:30:10 +00:00
regress Remove previous makefile hack (disabling optimization) and add 2004-01-07 19:42:22 +00:00
rescue systrace needs libevent now. 2003-11-29 05:47:51 +00:00
sbin - some KNF (80 cols) 2004-01-10 14:28:37 +00:00
share Add a comma. 2004-01-10 17:41:52 +00:00
sys Reinstate symbolic device names -- I completely forgot about their use. 2004-01-11 01:48:46 +00:00
tools KNF. 2004-01-08 12:16:09 +00:00
usr.bin Add unit test for ternary modifier 2004-01-09 00:56:44 +00:00
usr.sbin typo (struct member name - has to be rtm_addrs). from fujitsu 2004-01-08 06:56:25 +00:00
x11 s/Build/X11 build/ 2004-01-11 00:10:54 +00:00
build.sh tweak usage message. 2003-11-14 12:38:12 +00:00
BUILDING Note tools/compat/README as the place to get notes from non-native cross builds 2003-12-29 07:10:24 +00:00
Makefile Implement do-x11, to run "make build" in ./x11/ 2004-01-08 07:01:06 +00:00
Makefile.inc don't set KERNSRCDIR here; pull in <bsd.kernobj.mk> if you need it 2002-04-10 14:53:43 +00:00
UPDATING add fsck compatibility notes 2004-01-09 19:36:28 +00:00