Re: Secure deletion

Richard B. Johnson (root@chaos.analogic.com)
Thu, 23 Jul 1998 09:14:44 -0400 (EDT)


On Thu, 23 Jul 1998, Jeffrey B. Siegal wrote:

> >What's wrong with the "count the number of pages in the file, dump
> >that many zeroes or random stuff on it and delete it then."
>
> It doesn't work for files deleted by programs not under your control. I want
> mail spool files (for example) to be securely deleted, without having to
> modify and recompile sendmail. Similarly for every other program that
> deletes files.
>

Suppose you modified the 'C' runtime library so it could be recompiled with
a switch that changes anything that 'removes' files to:

stat the file (to get length);
write the file with junk.
close the file.
sync the file-system.
unlink the file.
sync the file-system.

The problem with doing this in the kernel is that any time anything
removes a file, you have to flush buffers to disk to make sure that
the new data gets to the physical media. This will slow the file-system
to a crawl.

If you don't need 'instantaneous' security, i.e., you can clean up
your disk(s) once a day, just make a program that writes a file,
filled with "SECURITY ", until the disk partition is full.
Close the file, sync the file-system, then delete the file.

When someone reads "unwritten" data they are usually impressed,
stop hacking, and do some real work.

On my server 'boneserver.analogic.com' cron does this every night
after my backups. As a side effect, every disk sector gets
written each night and the SCSI automatic bad-block replacement gets
exercised, so I am not stuck with any surprises.

Cheers,
Dick Johnson
***** FILE SYSTEM MODIFIED *****
Penguin : Linux version 2.1.108 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
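Johnson's stat, overwrite, close, sync, unlink, sync sequence written out as an added C example; this is not code from the original post or from any libc. The fill byte, the /tmp path and the sample mail text are constructed, and the overwrite only reaches the old blocks on filesystems that rewrite in place (journaling, copy-on-write and flash wear-levelling can keep the old copy elsewhere).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite a regular file in place with a fixed pattern, push the new data
 * to the media with fsync(), unlink it, then sync the whole file-system. */
int secure_unlink(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;            /* stat the file (length) */
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; return -1; }
    /* O_WRONLY without O_TRUNC: truncating would free the blocks, not overwrite them */
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    char junk[4096];
    memset(junk, 'X', sizeof junk);                  /* "junk" pattern (constructed) */
    for (off_t left = st.st_size; left > 0; ) {      /* write the file with junk */
        size_t n = left < (off_t)sizeof junk ? (size_t)left : sizeof junk;
        ssize_t w = write(fd, junk, n);
        if (w <= 0) { close(fd); return -1; }
        left -= w;
    }
    int synced = fsync(fd) == 0;                     /* data must hit the media first */
    if (close(fd) != 0 || !synced) return -1;        /* close the file */
    if (unlink(path) != 0) return -1;                /* unlink the file */
    sync();                                          /* sync the file-system */
    return 0;
}

/* Constructed demonstration: create a temporary "mail spool" file, securely
 * remove it, and return 0 only if the name is gone afterwards. */
int demo_secure_unlink(void)
{
    char path[] = "/tmp/secdel-XXXXXX";              /* constructed location */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    const char msg[] = "From: alice@example.test\nSubject: constructed sample\n";
    if (write(fd, msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) { close(fd); return -1; }
    close(fd);
    if (secure_unlink(path) != 0) return -1;
    return (access(path, F_OK) != 0 && errno == ENOENT) ? 0 : -1;
}
```

Call demo_secure_unlink() from a main() of your own; it returns 0 when the constructed file has been overwritten and unlinked.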