Linux 5.14 With EXT4 Adds Interface To Help Prevent Information Leakage From The Journal
The EXT4 file-system updates have been sent in for the ongoing Linux 5.14 merge window.
Besides routine fixes and code improvements for this mature Linux file-system, EXT4 this cycle brings a noteworthy feature addition: support for triggering journal checkpoints from user-space in the name of extra privacy/security. The new EXT4_IOC_CHECKPOINT ioctl allows the journal to be checkpointed, truncated, and discarded or zeroed out.
This new interface allows EXT4 to better guarantee that all file contents and metadata are no longer accessible through the file-system and are discarded or zeroed out, fending off possible information leaks from the EXT4 journal. User-space daemons can trigger the new ioctl at given intervals, if desired, to carry out that checkpoint and discard/zero-out process. This functionality can help ensure that deleted filenames are cleared out in full, with no signs or information of the prior file left behind. This EXT4 feature appears to have been motivated by Google Cloud with persistent disks, to ensure no personally identifiable information is left around in the EXT4 file-system journal.
In addition to this new checkpoint ioctl, EXT4 with this next kernel version now allows applications to poll on changes to /sys/fs/ext4/*/errors_count. More details within this pull request.