Re: Ext 2/3 overwriting remnant data & use of data blocks - security

From: Dragan Stanojevic - Nevidljivi (invisible_at_hidden-city.net)
Date: 10/08/04


Date: Fri, 08 Oct 2004 08:34:49 +0200
To: security-discuss@linuxsecurity.com


Hi there,

hell know wrote:

> BACKGROUND:
> Device under test uses temporary spool files. When those files are no
> longer needed, they are to be overwritten by the three-pass DOD
> overwrite (pattern '35', 'ca', '97'), then deleted. (In case anyone out
> there asks the obvious question, I am aware that Ext supports a "secure"
> attribute but unfortunately that isn't enough for our purposes. It HAS
> to be a 3-pass overwrite... after all, that answer would be TOO EASY ;-).
> Also, the file is written and overwritten sequentially - that may be
> important to know when I get to the problem.

Well, first of all, I don't think overwriting with known values is OK
from a security standpoint. Probably the better thing would be to
overwrite it with random data.

That said, I guess you can write a shell script to use the "shred" command
instead of "rm" (if you are looking for a shell solution). Something like:

shred "$1"; shred "$1"; shred -u "$1"

If you are looking for your own solution, I guess looking at how shred does
it would be my first stop :)

bye,
N::
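As an added example, not code from either poster: a small Python script that does the sequential three-pass overwrite the original post describes ('35', 'ca', '97'), with the reply's random-data pass available as an option. The function names and the constructed sample file are assumptions for the demonstration.

```python
import os
import tempfile

# The three-pass pattern from the original post: '35', 'ca', '97'.
DOD_PATTERNS = (0x35, 0xCA, 0x97)

def _write_pass(fd, size, pattern, chunk=1 << 16):
    """Overwrite the first `size` bytes of open file `fd` in place.
    `pattern` is a byte value, or None for a pass of random bytes (the
    reply's suggestion).  Returns the number of bytes written."""
    os.lseek(fd, 0, os.SEEK_SET)
    done = 0
    while done < size:
        n = min(chunk, size - done)
        block = os.urandom(n) if pattern is None else bytes([pattern]) * n
        off = 0
        while off < n:  # os.write may write less than asked
            off += os.write(fd, block[off:])
        done += n
    # Push this pass to disk before the next one; otherwise the page cache
    # can collapse three passes into a single write-out of the last one.
    os.fsync(fd)
    return done

def overwrite_and_delete(path, patterns=DOD_PATTERNS, unlink=True):
    """Overwrite `path` once per pattern (sequentially, without truncation,
    so the already-allocated blocks are rewritten), then unlink it."""
    fd = os.open(path, os.O_WRONLY)
    try:
        size = os.fstat(fd).st_size
        for p in patterns:
            _write_pass(fd, size, p)
    finally:
        os.close(fd)
    if unlink:
        os.unlink(path)
    return len(patterns)

def demo():
    """Constructed check: build a temp spool file, wipe it, report what is left."""
    path = os.path.join(tempfile.mkdtemp(), "spool.tmp")
    with open(path, "wb") as f:
        f.write(b"constructed spool contents\n" * 4096)
    passes = overwrite_and_delete(path, unlink=False)
    with open(path, "rb") as f:
        leftover = set(f.read())          # byte values still in the file
    overwrite_and_delete(path, patterns=(None,))  # extra random pass, then unlink
    return {"passes": passes, "leftover": leftover, "exists": os.path.exists(path)}
```

Note that on ext3 mounted with data=journal, copies of earlier file data can also sit in the journal, which an in-place rewrite of the file's blocks does not touch.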


