From owner-freebsd-security  Fri May 21 12:35:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from andrew.cmu.edu (ANDREW.CMU.EDU [128.2.10.101])
	by hub.freebsd.org (Postfix) with ESMTP
	id 169311502C; Fri, 21 May 1999 12:35:09 -0700 (PDT)
	(envelope-from tcrimi+@andrew.cmu.edu)
Received: (from postman@localhost) by andrew.cmu.edu (8.8.5/8.8.2) id PAA20959; Fri, 21 May 1999 15:35:06 -0400 (EDT)
Received: via switchmail; Fri, 21 May 1999 15:35:05 -0400 (EDT)
Received: from unix6.andrew.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/service/mailqs/q001/QF.8rFPJVK00Uw:01gmo0>;
          Fri, 21 May 1999 15:34:57 -0400 (EDT)
Received: from unix6.andrew.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/usr18/tcrimi/.Outgoing/QF.ArFPJV200Uw:0f9Wg0>;
          Fri, 21 May 1999 15:34:57 -0400 (EDT)
Received: from mms.4.60.Jun.27.1996.03.02.53.sun4.51.EzMail.2.0.CUILIB.3.45.SNAP.NOT.LINKED.unix6.andrew.cmu.edu.sun4m.54
          via MS.5.6.unix6.andrew.cmu.edu.sun4_51;
          Fri, 21 May 1999 15:34:56 -0400 (EDT)
Message-ID: <YrFPJUy00Uw_0f9WY0@andrew.cmu.edu>
Date: Fri, 21 May 1999 15:34:56 -0400 (EDT)
From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
To: brooks@one-eyed-alien.net, Eivind Eklund <eivind@FreeBSD.ORG>
Subject: Re: secure deletion
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	"Ilmar S. Habibulin" <ilmar@ints.ru>, posix1e@cyrus.watson.org,
	freebsd-security@FreeBSD.ORG
In-Reply-To: <19990521201043.I85583@bitbox.follo.net>
References: <xzpwvy2pax2.fsf@localhost.ping.uio.no> <Pine.GSO.4.05.9905211100050.6166-100000@orion.ac.hmc.edu>
	<19990521201043.I85583@bitbox.follo.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Excerpts from mail: 21-May-99 Re: secure deletion by Eivind Eklund@FreeBSD.OR 
> Either tunefs or chflags - it would be relatively expensive, so if you
> only need it for some data, it is probably better to have more
> fine-grained control than per-FS.

  Might I also suggest a 'normal' user option for one particular file to
be securely wiped?  Myself I usea simple replacement for rm I call wipe.
 It overwrites, fsyncs, overwrites again with the 10101, 01010 pattern,
zero's out the file, renames it to a random direntry and then unlinks
(whoa..  talk about what would happen to hardlinks :).  As an extra
opton to rm, for a user to be able to tell the kernel to securely delet
a file even though it isn't routinely flagged for it (having to chflags
then rm for each case is rather silly, although rm -w or something
should do it for you).

  BTW, might I taek it thatwith the kernel deletion method, a warning
should occur if you attemp to delete  a secure file which still has a
hardlink to it. 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message