Linux 5.14: EXT4 adds an interface to help prevent journal information leaks


EXT4 file system updates have been sent for the current Linux 5.14 merge window.

Along with the routine fixes and code enhancements for this mature Linux file system, EXT4 this round brings a notable feature addition: support for triggering journal checkpoints from user space for the sake of additional confidentiality/security. The new EXT4_IOC_CHECKPOINT ioctl allows the journal to be checkpointed, truncated, and deleted or zeroed.

This new interface lets EXT4 better ensure that all file contents and metadata are not accessible through the file system and are deleted or zeroed, avoiding possible information leakage from the EXT4 journal. User-space daemons can trigger the new ioctl at given intervals, if desired, to perform this checkpoint and delete/zero process. The feature can thus help ensure that deleted file names are completely erased, leaving no trace of the previous file. This EXT4 feature appears to have been driven by Google Cloud with persistent disks, to ensure that no personally identifiable information can be left in the EXT4 file system journal.
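A sketch of what such a user-space caller could look like, added here as an example and not taken from the kernel or from any daemon the article mentions. The ioctl number and flag values are repeated from the kernel's ext4 header; the function names `checkpoint_flags_valid` and `ext4_checkpoint` and the default mount point are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Values as defined in the kernel's ext4 header (fs/ext4/ext4.h in 5.14),
 * repeated here in case the installed user-space headers lack them. */
#ifndef EXT4_IOC_CHECKPOINT
#define EXT4_IOC_CHECKPOINT              _IOW('f', 43, uint32_t)
#define EXT4_IOC_CHECKPOINT_FLAG_DISCARD 0x1u
#define EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT 0x2u
#define EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN 0x4u
#endif
#define CKPT_ALL (EXT4_IOC_CHECKPOINT_FLAG_DISCARD | \
                  EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT | \
                  EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)

/* Hypothetical helper: reject unknown bits and the discard + zero-out
 * combination before bothering the kernel with them. */
int checkpoint_flags_valid(uint32_t flags)
{
    uint32_t both = EXT4_IOC_CHECKPOINT_FLAG_DISCARD |
                    EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT;
    return (flags & ~CKPT_ALL) == 0 && (flags & both) != both;
}

/* Hypothetical helper: checkpoint the journal of the file system that
 * holds `path`. Returns 0 on success or a negative errno value.
 * The ioctl needs CAP_SYS_ADMIN and a file system with a journal. */
int ext4_checkpoint(const char *path, uint32_t flags)
{
    if (!checkpoint_flags_valid(flags))
        return -EINVAL;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    int rc = ioctl(fd, EXT4_IOC_CHECKPOINT, &flags) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    const char *mnt = argc > 1 ? argv[1] : "/";   /* assumed mount point */
    /* Dry run first: validates inputs and kernel support without a checkpoint. */
    int rc = ext4_checkpoint(mnt, EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN);
    if (rc == 0)
        rc = ext4_checkpoint(mnt, EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT);
    if (rc != 0)
        fprintf(stderr, "checkpoint of %s failed: %s\n", mnt, strerror(-rc));
    return rc ? 1 : 0;
}
```

A periodic scrubber would call `ext4_checkpoint` from a timer loop or a systemd timer and alert on any non-zero return, since a failed run means old journal blocks may still hold file names or metadata.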

In addition to this new checkpoint ioctl, EXT4 in this next kernel version now allows applications to query for changes to /sys/fs/ext4/*/errors_count. More details in this pull request.
