nw == Nicolas Williams nicolas.willi...@sun.com writes:
ch == c hanover chano...@umich.edu writes:
Trying again:
ch In our particular case, there won't be
ch snapshots of destroyed filesystems (I create the snapshots,
ch and destroy them with the filesystem).
Right, but if your
On 05/02/2010 21:46, Nicolas Williams wrote:
On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
ch == c hanoverchano...@umich.edu writes:
ch is there a way to a) securely destroy a filesystem,
AIUI zfs crypto will include this, some day, by forgetting the key.
Right.
Two things, mostly related, that I'm trying to find answers to for our security
team.
Does this scenario make sense:
* Create a filesystem at /users/nfsshare1, user uses it for a while, asks for
the filesystem to be deleted
* New user asks for a filesystem and is given /users/nfsshare2. What
On 2/5/10 3:49 PM -0500 c.hanover wrote:
Two things, mostly related, that I'm trying to find answers to for our
security team.
Does this scenario make sense:
* Create a filesystem at /users/nfsshare1, user uses it for a while, asks
for the filesystem to be deleted * New user asks for a
ch == c hanover chano...@umich.edu writes:
ch is there a way to a) securely destroy a filesystem,
AIUI zfs crypto will include this, some day, by forgetting the key.
but for SSD, zfs above a zvol, or zfs above a SAN that may do
snapshots without your consent, I think it's just logically
On Fri, Feb 05, 2010 at 03:49:15PM -0500, c.hanover wrote:
Two things, mostly related, that I'm trying to find answers to for our
security team.
Does this scenario make sense:
* Create a filesystem at /users/nfsshare1, user uses it for a while,
asks for the filesystem to be deleted
* New
On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
ch == c hanover chano...@umich.edu writes:
ch is there a way to a) securely destroy a filesystem,
AIUI zfs crypto will include this, some day, by forgetting the key.
Right.
but for SSD, zfs above a zvol, or zfs above a
In our particular case, there won't be snapshots of destroyed filesystems (I
create the snapshots, and destroy them with the filesystem).
I'm not too sure on the particulars of NFS/ZFS, but would it be possible to
create a 1GB file without writing any data to it, and then use a hex editor to
On 2/5/10 5:08 PM -0500 c.hanover wrote:
would it be possible to
create a 1GB file without writing any data to it, and then use a hex
editor to access the data stored on those blocks previously?
No, not over NFS and also not locally. You'd be creating a sparse file,
which doesn't allocate
On Fri, Feb 05, 2010 at 05:08:02PM -0500, c.hanover wrote:
In our particular case, there won't be snapshots of destroyed
filesystems (I create the snapshots, and destroy them with the
filesystem).
OK.
I'm not too sure on the particulars of NFS/ZFS, but would it be
possible to create a 1GB
On Feb 5, 2010, at 5:19 PM, Nicolas Williams wrote:
ZFS crypto will be nice when we get either NFSv4 or NFSv3 w/krb5 for
over the wire encryption. Until then, not much point.
You can use NFS with krb5 over the wire encryption _now_.
Nico
--
I know, that's just something I'm working
You might also want to note that with traditional filesystems, the
'shred' utility will securely erase data, but no tools like that
will work for zfs.
___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
12 matches
Mail list logo
