CN113254404B - File processing method and device - Google Patents

Publication number
CN113254404B
Authority
CN
China
Prior art keywords
file
kernel thread
historical data
daemon process
user daemon
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110568838.0A
Other languages
Chinese (zh)
Other versions
CN113254404A (en)
Inventor
唐宏伟
姚宏亮
张耀斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jide Technology Research Institute Wuhan Co ltd
Original Assignee
Jide Technology Research Institute Wuhan Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jide Technology Research Institute Wuhan Co ltd
Priority to CN202110568838.0A
Publication of CN113254404A
Application granted
Publication of CN113254404B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/162 Delete operations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/546 Message passing systems or structures, e.g. queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/54 Indexing scheme relating to G06F9/54
    • G06F2209/548 Queue

Abstract

The invention discloses a file processing method and device. When a file is opened or edited, a file history data deleting module is woken up; the module calls a kernel thread, and the kernel thread notifies a user daemon process to delete the file's historical data. After the user daemon process has finished deleting the historical data, it notifies the kernel thread, and the file history data deleting module enters a sleep state. As a result, when a file is opened or edited by a Linux editor, its historical data is securely deleted, which prevents the user's historical data from being leaked through recovery by technical means.

Description

File processing method and device
Technical Field
The invention relates to the field of computer operating systems, in particular to a file processing method and device.
Background
Ordinary Linux users conventionally remove disk data in one of two ways: deletion and formatting. "Deletion" is the most convenient way to remove data; Linux users most often use the "rm" command. In fact, the data is not really removed from the hard disk; only the file's index is deleted, so this method is the least secure and the data is easy to recover. "Formatting" has several meanings: physical or low-level formatting, operating-system formatting, quick formatting, partition formatting, and so on. In most cases the formatting an ordinary user performs does not affect the data on the hard disk, so this approach is also insecure.
Secure deletion works essentially by data overwriting: the data on the original storage medium is overwritten with meaningless, irregular data. The more times the data is overwritten, the lower the probability that it can be restored, but the greater the time overhead. Common secure deletion tools for Linux currently include shred, wipe and the secure-delete package; all of them rely on data overwriting to delete data securely.
The above tools, while they may enable secure deletion of data, are only valid for the final visible file on disk.
The basic steps of file operation in the Linux system are as follows:
1. In a Linux system, a file is generally operated on by first opening it with the open function to obtain a file descriptor, then performing read and write operations (or other operations) on it, and finally closing it.
2. The file must be opened before it can be operated on (if the open fails, no operation can be performed), and it must be closed after the operations are finished; otherwise the file may be damaged.
3. A file is usually stored in a file system on a block device; this is the static file. When a file is opened, the Linux kernel creates a data structure for the open file in the process and records the opened file, allocates a region of memory, and reads the content of the static file from the block device to a specific address in memory, where it is managed and stored. The file in memory is called the dynamic file.
4. After the file is opened, read and write operations act on the dynamic file in memory, not on the static file. While the dynamic file is being read and written, the dynamic file in memory and the static file on the block device are not synchronized; when the file is closed with close, the content of the dynamic file in memory is used to update (synchronize) the static file on the block device. Block devices have read and write restrictions, so operating on them directly is very inflexible, whereas memory can be accessed byte by byte and at random. When open opens a file, the operating system builds data structures in memory to represent the dynamic file and returns a number to the application as the file descriptor, which is bound to the in-memory data structure that maintains the dynamic file. When the application wants to operate on the dynamic file, the file descriptor is all it needs to identify it.
Because of these constraints on file operations in Linux, after any of the editors commonly used on Linux opens an existing file, edits it and saves it, the file's historical data still remains on the disk. Even if the final file is securely deleted with the tools above, the historical data can still be partially or even completely restored by certain technical means, resulting in data leakage.
Disclosure of Invention
The invention provides a file processing method and device in order to prevent user historical data from being recovered by technical means.
In one aspect, the invention provides a file processing method applied to a Linux system provided with a file history data deleting module, wherein the file history data deleting module is used for creating a kernel thread, calling the kernel thread, and notifying a user daemon process through the kernel thread to delete file historical data. The method comprises the following steps:
when a file is opened or edited, a file history data deletion queue is created;
a file historical data deleting module is awakened;
the file historical data deleting module calls a kernel thread, and the kernel thread informs a user daemon process to delete the file historical data; and after the user daemon process finishes deleting the historical data of the file, the user daemon process informs the kernel thread, and the historical data deleting module of the file enters a sleep state.
Further, the kernel thread notifies a user daemon process, specifically: the kernel thread performs asynchronous bidirectional data communication with the user daemon through a Netlink socket.
Further, before waking up the file history data deleting module, the method further includes:
setting a hook function in a kernel space; the hook function is used for calling the file history data deleting module when the Linux opens or edits the file.
Further, opening or editing the file specifically means: opening or editing the file with the open function when the second parameter of the open function takes the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.
In another aspect, the present invention provides a document processing apparatus, the apparatus comprising:
a hook function set in the Linux kernel space, which calls the file history data deleting module when Linux opens or edits a file;
a first kernel thread for notifying the user daemon process to delete the file's historical data;
a file history data deleting module for: creating the first kernel thread; waiting to be woken up when Linux opens or edits a file; when woken up, calling the first kernel thread and notifying the user daemon process, through the first kernel thread, to delete the file's historical data; the first kernel thread being notified after the user daemon process has deleted the file's historical data.
Further, the first kernel thread performs asynchronous bidirectional data communication with a user daemon through a Netlink socket.
Further, the apparatus comprises:
a file processing sub-module for: opening or editing the file with the open function, with the second parameter of the open function taking the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.
Compared with the prior art, the invention has the following advantages:
The method ensures that a file's historical data is securely deleted when the file is opened or edited by a Linux editor, and prevents the user's historical data from being leaked through recovery by technical means. The file history data deleting module provided by the invention is a bridge between the Linux kernel and a user process, and reduces the execution time of the kernel. By using asynchronous communication and waiting, the method ensures, without sacrificing system performance, that a specific Linux editor securely deletes the file's historical data when editing the file.
Drawings
FIG. 1 is a schematic diagram of a prior art method of opening a file;
FIG. 2 is a schematic diagram of a file processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a file processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
FIG. 1 is a schematic diagram of a prior art method of opening a file. In the figure, the file is either opened with the open function using the value O_TRUNC, or opened or edited in write-only mode followed by a call to the ftruncate/truncate function to truncate the file length to 0. In both cases the historical data of the existing file is not deleted from the disk, so the historical data is leaked.
FIG. 2 is a schematic diagram of a file processing method according to an embodiment of the present invention; the method is applied to a Linux system provided with a file historical data deleting module, the file historical data deleting module is used for creating a kernel thread, calling the kernel thread, and informing a user daemon process to delete the file historical data through the kernel thread, and the method comprises the following steps:
when a file is opened or edited, a file history data deletion queue is created;
a file historical data deleting module is awakened;
the file historical data deleting module calls a kernel thread, and the kernel thread informs a user daemon process to delete the file historical data; and after the user daemon process finishes deleting the historical data of the file, the user daemon process informs the kernel thread, and the historical data deleting module of the file enters a sleep state.
Further, the kernel thread notifies a user daemon process, specifically: the kernel thread performs asynchronous bidirectional data communication with the user daemon through a Netlink socket.
Further, before waking up the file history data deletion module, the method further includes:
setting a hook function in a kernel space; the hook function is used for calling the file history data deleting module when the Linux opens or edits the file.
Further, opening or editing the file specifically means: opening or editing the file with the open function when the second parameter of the open function takes the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.
The implementation process when the file is opened or edited with the open function and the second parameter of the open function takes the value O_TRUNC:
Step 1: The editor opens an existing file in write-only mode using the O_TRUNC flag.
Step 2: Determine whether the editor that opened the file belongs to the list of editors supported by the system; if so, jump directly to step 6 and follow the normal open call path. The editor list is specified dynamically in the file history data deleting module.
Step 3: Create a file history data deletion wait queue.
Step 4: Set the secure_delete_notify flag bit to 1, and call wake_up to wake the file history data deleting module, which is in a sleep-waiting state.
Step 5: Call wait_event to wait for the deletion to complete.
Step 6: Carry out the normal post-processing of open.
The implementation process when the file is opened or edited in write-only mode and the ftruncate or truncate function is then called to truncate the file length to 0:
Step 1: Determine whether the file length is being truncated to 0; if not, go to step 6 and follow the normal ftruncate or truncate call path.
Step 2: Determine whether the editor calling ftruncate or truncate belongs to the list of editors supported by the system; if it does, jump directly to step 6 and follow the normal ftruncate or truncate call path.
Step 3: Create a file history data deletion wait queue.
Step 4: Set the secure_delete_notify flag bit to 1, and call wake_up to wake the file history data deleting module, which is in a sleep-waiting state.
Step 5: Call wait_event to wait for the deletion to complete.
Step 6: Carry out the normal post-processing of ftruncate or truncate.
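The procedures above make the open or truncate path wait until the old contents have been deleted, and the background attributes secure deletion to overwriting. The patent does not say how the user daemon deletes the data; the following is an added example, not code from the patent, that assumes the daemon overwrites the file's still-allocated blocks in place before the length is cut to 0. The names overwrite_in_place and scrub_then_truncate are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write exactly n bytes, retrying on short writes. Returns 0 or -1. */
static int write_all(int fd, const unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, buf, n);
        if (w < 0)
            return -1;
        buf += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Read exactly n bytes (used for /dev/urandom). Returns 0 or -1. */
static int read_all(int fd, unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r <= 0)
            return -1;
        buf += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Overwrite the first `size` bytes behind fd in place with random data,
 * `passes` times, forcing each pass to storage with fsync().
 * The file length is left unchanged. Returns 0 on success, -1 on error. */
int overwrite_in_place(int fd, off_t size, int passes)
{
    unsigned char buf[4096];
    int rnd = open("/dev/urandom", O_RDONLY);
    int rc = rnd < 0 ? -1 : 0;

    for (int p = 0; rc == 0 && p < passes; p++) {
        if (lseek(fd, 0, SEEK_SET) < 0)
            rc = -1;
        for (off_t left = size; rc == 0 && left > 0; ) {
            size_t chunk = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
            if (read_all(rnd, buf, chunk) < 0 || write_all(fd, buf, chunk) < 0)
                rc = -1;
            left -= (off_t)chunk;
        }
        if (rc == 0 && fsync(fd) < 0)
            rc = -1;
    }
    if (rnd >= 0)
        close(rnd);
    return rc;
}

/* Hypothetical daemon-side handler (an assumption, not from the patent):
 * scrub the old contents while the blocks are still allocated to the file,
 * and only then cut the length to 0. */
int scrub_then_truncate(const char *path, int passes)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_WRONLY);          /* deliberately no O_TRUNC */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        overwrite_in_place(fd, st.st_size, passes) == 0 &&
        ftruncate(fd, 0) == 0 && fsync(fd) == 0)
        rc = 0;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    return scrub_then_truncate(argv[1], 1) == 0 ? 0 : 1;
}
```

On copy-on-write or log-structured file systems and on flash devices with wear levelling, an in-place overwrite may land on different physical blocks, so the old data is not guaranteed to be destroyed there.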
FIG. 3 is a schematic diagram of a document processing apparatus according to an embodiment of the present invention; the device comprises:
a hook function set in the Linux kernel space, which calls the file history data deleting module when Linux opens or edits a file;
a first kernel thread for notifying the user daemon process to delete the file's historical data;
a file history data deleting module for: creating the first kernel thread; waiting to be woken up when Linux opens or edits a file; when woken up, calling the first kernel thread and notifying the user daemon process, through the first kernel thread, to delete the file's historical data; the first kernel thread being notified after the user daemon process has deleted the file's historical data.
Further, the first kernel thread performs asynchronous bidirectional data communication with a user daemon through a Netlink socket.
Further, the apparatus comprises:
a file processing sub-module for: opening or editing the file with the open function, with the second parameter of the open function taking the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A file processing method is applied to a Linux system provided with a file history data deleting module, wherein the file history data deleting module is used for creating a kernel thread, calling the kernel thread and informing a user daemon process to delete file history data through the kernel thread, and the method comprises the following steps:
when a file is opened or edited, a file history data deletion queue is created;
a file historical data deleting module is awakened;
the file historical data deleting module calls a kernel thread, and the kernel thread informs a user daemon process to delete the file historical data; and after the user daemon process finishes deleting the historical data of the file, the user daemon process informs the kernel thread, and the historical data deleting module of the file enters a sleep state.
2. The file processing method according to claim 1, wherein the kernel thread notifies a user daemon process, specifically: the kernel thread performs asynchronous bidirectional data communication with the user daemon through a Netlink socket.
3. The file processing method of claim 1, wherein before waking up the file history data deletion module, the method further comprises:
setting a hook function in a kernel space; the hook function is used for calling the file history data deleting module when the Linux opens or edits the file.
4. The file processing method according to claim 1, wherein the opening or editing of the file is specifically: opening or editing the file with the open function when the second parameter of the open function takes the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.
5. A document processing apparatus, characterized in that the apparatus comprises:
a hook function set in the Linux kernel space, which calls the file history data deleting module when Linux opens or edits a file;
a first kernel thread for notifying the user daemon process to delete the file's historical data;
a file history data deleting module for: creating the first kernel thread; waiting to be woken up when Linux opens or edits a file; when woken up, calling the first kernel thread and notifying the user daemon process, through the first kernel thread, to delete the file's historical data; the first kernel thread being notified after the user daemon process has deleted the file's historical data.
6. The file processing apparatus of claim 5, wherein the first kernel thread is in asynchronous bidirectional data communication with a user daemon through a Netlink socket.
7. The document processing apparatus according to claim 5, wherein the apparatus comprises: a file processing sub-module for: opening or editing the file with the open function, with the second parameter of the open function taking the value O_TRUNC; or opening or editing the file in write-only mode and then calling the ftruncate or truncate function to truncate the file length to 0.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110568838.0A CN113254404B (en) 2021-05-25 2021-05-25 File processing method and device

Publications (2)

Publication Number Publication Date
CN113254404A 2021-08-13
CN113254404B 2022-05-27

Family

ID=77184179

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant