[patch] rm can have undesired side-effects

Tim Clewlow tim1timau at yahoo.com
Tue Oct 31 18:11:21 UTC 2006



--- Bakul Shah <bakul at bitblocks.com> wrote:

> > Having thought this over some more, if a
> > shred/scramble/scrub command is created in its own
> > right, then a number of new features could be added
> > that do not currently exist.
> 
> > - The command could be written to protect a single
> > file, or, it could also write to an entire file
> > system/media.
> 
> These won't share much beyond what patterns to write
> and how many times.
> 
> > - The command could offer many types of randomising
> > possibilities, eg the current 0xff, 0x00, 0xff; or
> > perhaps /dev/random could be written; or perhaps the
> > user could specify exactly what is to be used to
> > overwrite the file/file system - from memory some
> > large organisations (govt depts) have specific rules
> > about how files/file systems should be overwritten
> > before old media is thrown out and replaced (so no-one
> > can scavenge the media and read sensitive data)
> 
> IMHO even this does not address paranoia very well.  The
> point of rm -P is to make sure freed blocks on the disk don't
> have any useful information.  But if the bad guy can read the
> disk *while* it also holds other files on it, the battle is
> already lost as presumably he can also read data in live
> files.  If you are using rm -P in preparation for throwing a
> disk away, you may as well just use a whole disk scrubber.
> If you are using rm -P to prevent a nosy admin from looking at
> your sensitive data, you will likely lose.  He can easily
> replace rm with his own command.  A separate scrub command
> may help since you can verify the data is erased.
> 
> This is not to say rm -P or scrub is not helpful.  If you
> know what you are doing it is perfectly adequate.  But if you
> don't or you make mistakes, it will give you a false sense of
> security.  For example, once a file is unlinked through some
> other means (such as mv) you don't have a handle on it any
> more to scrub.  Basically you lost the ability to scrub your
> data due to a mistake.  Worse, editing such a file may free
> unscrubbed blocks.  A separate command won't help.
> 
> This is why I suggested to have the system do this for you
> (through a mount option -- I don't care enough to want to
> implement it).
> 
> > Kind of thinking out loud here, apologies if it's
> > noisy, Tim.
> 
> If the end result is clear headed go right ahead!
> 

Having cleared my head a bit more, I realise most of
this can be done with consecutive runs of 'dd'.
I think I've reached a conclusion here.

Tim.
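
Added example, not part of the original message or of FreeBSD: one way the dd-based approach discussed in this thread could look, overwriting a file in place with the 0xff, 0x00, 0xff patterns and reading it back after each pass. The names `fill` and `scrub_file` are hypothetical.

```shell
#!/bin/sh
# Added example; scrub_file is a hypothetical helper, not an existing command.
# Overwrites a regular file in place with 0xff, 0x00, 0xff and checks each pass.
# Only blocks currently allocated to the file are touched: blocks freed
# earlier (for example by editing the file, as noted in the thread) are not reached.

# fill SIZE OCTAL: emit SIZE bytes of the byte value given in octal
fill() {
    head -c "$1" /dev/zero | LC_ALL=C tr '\000' "\\$2"
}

scrub_file() {
    f=$1
    # Refuse symlinks and non-regular files so only the named file is written.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "scrub_file: not a regular file: $f" >&2
        return 2
    fi
    size=$(wc -c < "$f") || return 2
    size=$((size + 0))            # normalise padded wc output
    [ "$size" -gt 0 ] || return 0
    for oct in 377 000 377; do
        # conv=notrunc rewrites the existing contents instead of truncating first
        fill "$size" "$oct" | dd of="$f" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync
        # Read the file back and compare it with the expected pattern.
        fill "$size" "$oct" | cmp -s - "$f" || return 1
    done
    return 0
}
```

The read-back goes through the filesystem and may be served from cache, so it confirms the file's visible contents rather than what is physically on the medium.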



 



More information about the freebsd-hackers mailing list