Re: [patch] rm can have undesired side-effects



Having thought this over some more, if a
shred/scramble/scrub command is created in its own
right, then a number of new features could be added
that do not currently exist.

- The command could be written to protect a single
file, or, it could also write to an entire file
system/media.

These won't share much beyond what patterns to write
and how many times.

- The command could offer many types of randomising
possibilities, eg the current 0xff, 0x00, 0xff; or
perhaps /dev/random could be written; or perhaps the
user could specify exactly what is to be used to
overwrite the file/file system - from memory some
large organisations (govt depts) have specific rules
about how files/file systems should be overwritten
before old media is thrown out and replaced (so no-one
can scavenge the media and read sensitive data)

IMHO even this does not address paranoia very well. The
point of rm -P is to make sure freed blocks on the disk don't
have any useful information. But if the bad guy can read the
disk *while* it also holds other files on it, the battle is
already lost as presumably he can also read data in live
files. If you are using rm -P in preparation for throwing a
disk away, you may as well just use a whole disk scrubber.
If you are using rm -P to prevent a nosy admin from looking at
your sensitive data, you will likely lose. He can easily
replace rm with his own command. A separate scrub command
may help since you can verify the data is erased.

This is not to say rm -P or scrub is not helpful. If you
know what you are doing it is perfectly adequate. But if you
don't or you make mistakes, it will give you a false sense of
security. For example, once a file is unlinked through some
other means (such as mv) you don't have a handle on it any
more to scrub. Basically you lost the ability to scrub your
data due to a mistake. Worse, editing such a file may free
unscrubbed blocks. A separate command won't help.

This is why I suggested to have the system do this for you
(through a mount option -- I don't care enough to want to
implement it).

Kind of thinking out loud here, apologies if it's
noisy, Tim.

If the end result is clear headed go right ahead!
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
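
As an added example (not code from this thread or from FreeBSD's rm), a separate scrub step as discussed above could overwrite a regular file with the 0xff, 0x00, 0xff passes and read each pass back so the caller can confirm the overwrite; the names scrub_file and scrub_pass are hypothetical. It assumes a filesystem that overwrites blocks in place, and it only reaches blocks still referenced by the file.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One pass: fill [0, size) with pat, fsync, then read back and compare.
 * The read-back goes through the OS, so it checks the file's contents as
 * the system reports them, not the physical medium. Returns 0 or -1. */
static int scrub_pass(int fd, off_t size, unsigned char pat)
{
    unsigned char buf[4096], chk[4096];
    off_t off;
    ssize_t n;

    memset(buf, pat, sizeof buf);
    for (off = 0; off < size; off += n) {
        size_t want = size - off < (off_t)sizeof buf ? (size_t)(size - off) : sizeof buf;
        if ((n = pwrite(fd, buf, want, off)) <= 0) return -1;
    }
    if (fsync(fd) != 0) return -1;          /* push this pass out before verifying */
    for (off = 0; off < size; off += n) {
        size_t want = size - off < (off_t)sizeof buf ? (size_t)(size - off) : sizeof buf;
        n = pread(fd, chk, want, off);
        if (n <= 0 || memcmp(chk, buf, (size_t)n) != 0) return -1;
    }
    return 0;
}

/* Hypothetical scrub_file(): run the 0xff, 0x00, 0xff passes over a regular
 * file, verifying each one. The file is left in place (not unlinked) so the
 * result can be inspected. Returns 0 on success, -1 on any failure. */
int scrub_file(const char *path)
{
    static const unsigned char passes[] = { 0xff, 0x00, 0xff };
    struct stat st;
    size_t i;
    int rc = -1, fd = open(path, O_RDWR);

    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
        for (rc = 0, i = 0; rc == 0 && i < sizeof passes; i++)
            rc = scrub_pass(fd, st.st_size, passes[i]);
    if (close(fd) != 0) rc = -1;
    return rc;
}

int main(int argc, char **argv)
{
    return (argc == 2 && scrub_file(argv[1]) == 0) ? 0 : 1;
}
```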


