From owner-freebsd-security Fri Jun 25 14:37:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 27E8B152AB for ; Fri, 25 Jun 1999 14:37:06 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id OAA12083; Fri, 25 Jun 1999 14:37:04 -0700 (PDT) Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id OAA03421; Fri, 25 Jun 1999 14:37:04 -0700 Received: from softweyr.com (dyn2.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA02399; Fri, 25 Jun 99 14:36:58 PDT Message-Id: <3773F67A.CC9B6215@softweyr.com> Date: Fri, 25 Jun 1999 15:36:58 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: cjclark@home.com, FreeBSD Security Subject: Re: Secure Deletion References: <199906250212.WAA07810@cc942873-a.ewndsr1.nj.home.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J. Clark" wrote: > > I looked through a long thread from last month on this topic, but was > unable to get an operable answer to my problem. > > Problem: A file came onto a FreeBSD system. All traces of this file > will (probably) need to be destroyed. The error was on someone else's > part, so we did not find out until this file had > propagated. There is presently an existing file that needs to be > destroyed. In addition, there are existing files that had this > information in them, but have since had the 'offending' part > removed... > > OK, OK, if you have not guessed, it was some email. One person got it, > forwarded it, and someone else stored it in an IMAP mailfile. The > offending stuff is 'gone' from the existing mailspools, but the IMAP > file exists. So, the question is... > > 1) Is there a way for me to securely destroy the file that still > exists? For example, if I were to do something like (this is just > an example), > > # BADLEN=`ls -l | awk '{ print $5 }'` > # dd if=/dev/zero of= bs=1 count=$BADLEN > # dd if=/dev/urandom of= bs=1 count=$BADLEN > # dd if=/dev/zero of= bs=1 count=$BADLEN This won't do it, if you're really interested in obliterating the file contents. What you want to do is overwrite the file blocks with alternating patterns of 10101010 then 01010101 at least 100 times. Due to the way modern recording formats work, and the memory of the cells that actually store the bits on the disk, anything less won't really erase the disk. Fortunately, this isn't all that tough to do. Here's a little program I just hacked together to do this. It's not designed to be efficient, it just overwrites the data and syncs the file on every pass, but it should do a pretty good job of clobbering the bits on the disk. If there is any interest, I'll write a man page for this and commit it as well, or work it into 'rm -P' in some way. /* * Obliterate - a simple program to obliterate file contents. * * Copyright (c) 1999 Softweyr LLC, South Jordan, Utah USA. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY Softweyr LLC ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL Softweyr LLC OR ANY CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * Author: Wes Peters * Date: Fri Jun 25 14:22:33 MDT 1999 */ #include #include #include #include #include void obliterate(char *fname) { struct stat S; int fd; void *data; int iteration; if (stat(fname, &S) == -1) { perror(fname); return; } if (!S_ISREG(S.st_mode)) { fprintf(stderr, "%s: not a regular file\n", fname); return; } fd = open(fname, O_RDWR); if (fd == -1) { perror(fname); return; } data = mmap(NULL, S.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); if (data == MAP_FAILED) { perror(fname); close(fd); return; } /* * Overwrite the file 100 times with successive iterations of 0101 then * 1010 patterns. */ for (iteration = 0; iteration < 100; iteration++) { (void) memset(data, 0xa, S.st_size); if (fsync(fd) == -1) { perror(fname); close(fd); return; } (void) memset(data, 0x5, S.st_size); if (fsync(fd) == -1) { perror(fname); close(fd); return; } } /* * Zero the file blocks against casual perusal, then unlink the file. */ memset(data, 0, S.st_size); if (fsync(fd) == -1) { perror(fname); close(fd); return; } close(fd); if (unlink(fname) == -1) { perror(fname); } return; } /* * Obliterate each file named on the command line. */ int main(int argc, char *argv[]) { while (--argc) { obliterate(argv[argc]); } return 0; } -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message