Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 May 1999 09:31:16 +0100
From:      gc <gc@virtual-pc.com>
To:        tim@iafrica.com.na
Cc:        Joel Maslak <jmaslak@wind-river.com>, security@FreeBSD.ORG
Subject:   Re: Secure Deletion
Message-ID:  <374519D4.403016C2@virtual-pc.com>
References:  <3.0.6.32.19990520095507.00840010@india.wind-river.com> <374474D4.2263@iafrica.com.na>

next in thread | previous in thread | raw e-mail | index | archive | help


Tim Priebe wrote:
> 
> Joel Maslak wrote:
> >
> > Let's keep standard BSD semantics here, please!
> >
> > As for "secure" deletion...  Why doesn't someone just write a simple
> > user-space program to do that.  True, it wouldn't handle calls to unlink(),
> > but one would think that someone could modify the library really quick
> > (provided no one does a system call directly, but uses the libc interface
> > instead).  I think this would be much better for everyone involved.
> >
> > Some problems with my idea...
> >
> > Static-linked executables would need to be recompiled
> > Library would need to be modified on "secure" systems
> >
> > If all you want is a way to force a file to go away from the command line,
> > just rewrite rm.
> 

Could someone enlighten me as to why the first move is not to write back
an inverted copy of the data to even out the residual field before
resorting to other patterns? (this assumes you are deleting a file and
thus still have the data before you start).

> >From my understanding of ffs, this would not be sufficiant. As a file
> grows, it is possible that the data is copied from its initial location
> to a new one. To not just give a false sense of security these block
> fragments would have to be over written after the data is copied, or
> some of the data could still be sitting on the drive after you think it
> is gone.
>
In that case, maybe there should be a flag attached to a given file
which made the OS 'securely' wipe any sectors that had been used by the
file any time it moved them.

gc 
> Tim.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?374519D4.403016C2>