[linux-lvm] Snapshots & data security
Zdenek Kabelac
zkabelac at redhat.com
Wed Jul 20 13:50:46 UTC 2016
On 19.7.2016 at 17:28, Scott Sullivan wrote:
> Hello,
>
> Could someone please clarify if there is a legitimate reason to worry about
> data security of an old (removed) LVM snapshot?
>
> For example, when you lvremove an LVM snapshot, is it possible for data to be
> recovered if you create another LVM and it happens to go into the same area as
> the old snapshot we lvremoved?
>
> If this helps clarify, do we have to worry about security scrubbing an LVM
> snapshot for data security?

lvm2 is a 'volume manager' - not a security tool to obfuscate data on your disk
- this is the 'admin's' task.

So if you do care about the 'data' content you give to your user in an LV - it's
then the 'admin's' job to 'clear-up' all space before the LV is given to the user.
i.e. 'lvcreate && dd if=/dev/zero....'

lvm2 does not care about 'data' content - it's a metadata management tool.

Now if you are paranoid and you care purely about 'erasing' data from your
snapshot - you can use 'lvconvert --splitsnapshot' and then erase again with
'dd' the COW volume you get from the split.

Saying all this - you can try to use 'thin-provisioning' instead,
which has a built-in option of zeroing provisioned blocks - so whenever your
provisioned LV gets a 'new block' - its unwritten parts are always zeroed - so
there is no 'data-leak'.

And finally - if you are using a modern filesystem like ext4 or XFS - they are
tracking the written area - so the 'fs' user cannot actually read 'unwritten' data.

And 2nd. finally - for the paranoid admin, consider 'data' encryption....

Regards
Zdenek
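
The split-and-wipe step described in the reply above, as an added example that is not part of the original post or of lvm2: it zeroes the COW volume left by 'lvconvert --splitsnapshot' and reads it back before the extents are released. The VG/LV name vg0/snap, the script name scrub.sh and all function names are hypothetical; the self-test runs on a constructed image file rather than a real LV.

```shell
#!/bin/sh
# Added example: zero a split-off snapshot COW volume and verify the wipe.
# Intended use on a real system (vg0/snap is a hypothetical VG/LV name):
#   lvconvert --splitsnapshot vg0/snap   # COW store becomes a standalone LV
#   sh scrub.sh --scrub /dev/vg0/snap    # overwrite with zeros, then verify
#   lvremove vg0/snap                    # extents return to the VG already clean

# Size in bytes of a block device, or of a regular file (for offline testing).
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Succeeds only if every byte of the target is zero.
is_all_zero() {
    head -c "$(dev_size "$1")" /dev/zero | cmp -s - "$1"
}

# Overwrite the whole target in place with zeros and flush to stable storage.
zero_fill() {
    head -c "$(dev_size "$1")" /dev/zero |
        dd of="$1" bs=1M conv=notrunc,fsync 2>/dev/null
}

# Wipe, then read back; a non-zero exit means the target must not be released.
scrub() {
    zero_fill "$1" && is_all_zero "$1"
}

# Offline check on a constructed image that stands in for a COW volume.
selftest() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/zero > "$img"
    # Constructed "stale data" written into the middle of the image.
    printf 'constructed-secret' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    rc=0
    is_all_zero "$img" && rc=1                     # stale data must be detected
    scrub "$img" || rc=1                           # wipe plus read-back must pass
    [ "$(dev_size "$img")" -eq 1048576 ] || rc=1   # size must be unchanged
    rm -f "$img"
    return "$rc"
}

if [ "${1:-}" = "--scrub" ]; then scrub "$2"; fi
```

The read-back pass is what turns the 'dd' into evidence: if scrub exits non-zero, the volume should not be removed or handed to another user yet.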