Linux 5.14 With EXT4 Adds Interface To Help Prevent Information Leakage From The Journal


The EXT4 file-system updates were sent in for the ongoing Linux 5.14 merge window.

Besides routine fixes and code improvements for this mature Linux file-system, EXT4 this cycle brings a noteworthy feature addition: support for triggering journal checkpoints from user-space in the name of extra privacy/security. The new EXT4_IOC_CHECKPOINT ioctl allows the journal to be checkpointed, truncated and discarded or zeroed out.

With this new interface, EXT4 can better guarantee that all file contents and metadata are no longer accessible through the file-system and are discarded or zeroed out to fend off possible data leaks from the EXT4 journal. User-space daemons can trigger the new ioctl at given intervals, if desired, to carry out that checkpoint and discard/zero-out job. This functionality can thus help ensure that deleted filenames are cleared out in full, with no signs/data of that prior file remaining. This EXT4 feature appears to have been motivated by Google Cloud with persistent disks, to make sure no personally identifiable data may be left around in the EXT4 file-system journal.

In addition to this new checkpoint ioctl, EXT4 with this next kernel version now allows applications to poll on changes to /sys/fs/ext4/*/errors_count. More details within this pull request.
