From: Tim Clewlow
To: freebsd-hackers@freebsd.org
Date: Tue, 31 Oct 2006 10:11:20 -0800 (PST)
Subject: Re: [patch] rm can have undesired side-effects

--- Bakul Shah wrote:

> > Having thought this over some more, if a
> > shred/scramble/scrub command is created in its own
> > right, then a number of new features could be added
> > that do not currently exist.
>
> > - The command could be written to protect a single
> > file, or, it could also write to an entire file
> > system/media.
>
> These won't share much beyond what patterns to write
> and how many times.
>
> > - The command could offer many types of randomising
> > possibilities, eg the current 0xff, 0x00, 0xff; or
> > perhaps /dev/random could be written; or perhaps the
> > user could specify exactly what is to be used to
> > overwrite the file/file system - from memory some
> > large organisations (govt depts) have specific rules
> > about how files/file systems should be overwritten
> > before old media is thrown out and replaced (so no-one
> > can scavenge the media and read sensitive data)
>
> IMHO even this does not address paranoia very well. The
> point of rm -P is to make sure freed blocks on the disk don't
> have any useful information. But if the bad guy can read the
> disk *while* it also holds other files on it, the battle is
> already lost as presumably he can also read data in live
> files. If you are using rm -P in preparation to throwing a
> disk away, you may as well just use a whole disk scrubber.
> If you are using rm -P to prevent a nosy admin to look at
> your sensitive data, you will likely lose. He can easily
> replace rm with his own command. A separate scrub command
> may help since you can verify the data is erased.
>
> This is not to say rm -P or scrub is not helpful. If you
> know what you are doing it is perfectly adequate. But if you
> don't or you make mistakes, it will give you a false sense of
> security. For example, once a file is unlinked through some
> other means (such as mv) you don't have a handle on it any
> more to scrub. Basically you lost the ability to scrub your
> data due to a mistake. Worse, editing such a file may free
> unscrubbed blocks. A separate command won't help.
>
> This is why I suggested to have the system do this for you
> (through a mount option -- I don't care enough to want to
> implement it).
>
> > Kind of thinking out loud here, apologies if it's
> > noisy, Tim.
>
> If the end result is clear headed go right ahead!
>

Having cleared my head a bit more, I realise most of this can
be done with consecutive runs of 'dd'. I think I've reached a
conclusion here.

Tim.
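
Added example, not part of the original message or of FreeBSD's code: one way to do the "consecutive runs of dd" overwrite with the 0xff, 0x00, 0xff passes quoted above, followed by the read-back check that a separate scrub command makes possible. The function names are hypothetical, and it assumes a filesystem that rewrites blocks in place; it does nothing for blocks already freed by mv or by an editor.

```shell
#!/bin/sh
# Added example: in-place overwrite with dd using the 0xff, 0x00, 0xff passes
# named in the thread, then a read-back check. Function names are illustrative.

# overwrite_pass FILE OCTAL SIZE: write SIZE bytes of value \OCTAL over FILE.
overwrite_pass() {
    # conv=notrunc keeps the file's existing blocks allocated; without it dd
    # truncates first and the old blocks are freed unscrubbed.
    head -c "$3" /dev/zero | LC_ALL=C tr '\000' "\\$2" |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync    # push this pass to disk before the next one starts
}

# verify_fill FILE OCTAL: succeed only if every byte of FILE equals \OCTAL.
verify_fill() {
    # Delete the expected byte; anything left over is unscrubbed data.
    other=$(LC_ALL=C tr -d "\\$2" < "$1" | wc -c | tr -d ' ')
    [ "$other" -eq 0 ]
}

# scrub_file FILE: three passes, then verify the final pattern.
# The caller unlinks the file only after this returns success.
scrub_file() {
    # Refuse symlinks and non-regular files so the passes hit the intended data.
    [ -f "$1" ] && [ ! -L "$1" ] || {
        echo "scrub: not a regular file: $1" >&2
        return 1
    }
    size=$(wc -c < "$1" | tr -d ' ')
    for byte in 377 000 377; do
        overwrite_pass "$1" "$byte" "$size" || return 1
    done
    verify_fill "$1" 377
}

# Typical use:  scrub_file secret.txt && rm secret.txt
```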