
Patch to rm.c & rm.1 to increase overwrite security

From: Alex Kirk <alex(at)schnarff.com>
Date: Mon Nov 25 2002 - 12:25:56 EST


I am submitting a copy of a PR that Sendbug automatically saved when it couldn't send mail. I will be happy to clarify anything if necessary, including submitting the patches as file attachments.

Thank You,
Alex Kirk


>Submitter-Id: net
net
>Confidential: no
>Synopsis: Patch to rm.c & rm.1 to increase overwrite security
>Severity: non-critical

       System      : OpenBSD 3.2
       Architecture: OpenBSD.i386
       Machine     : i386

>Description:
I am submitting a patch to rm.c and rm.1 that incorporates Peter Gutmann's ideas on secure deletion from his 1996 USENIX paper. I have tested this on three different machines, and have had no errors whatsoever.
>How-To-Repeat:
Not applicable
>Fix:
Patch below: rm.c: 297c297,301

< * Overwrite the file 3 times with varying bit patterns.  ---
> * Overwrite the file 33 times with varying bit patterns
> * specifically designed to make data recovery exponentially
> * more difficult. Note that no deletion process can
> * *completely* remove a file, but that this process is as
> * good as it gets.
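
Review bot: The pass count in the new comment does not match the code. It says 33, but the overwrite loop as posted runs RAND_PASS(5), then 27 table entries times 3 bytes each, then RAND_PASS(5) again, which is 5 + 81 + 5 = 91 whole-file passes. Either correct the number or change the loop so it does what the comment documents. "Exponentially more difficult" and "as good as it gets" are claims the code cannot back up; I would describe what is written (which patterns, how many passes) and keep only the caveat that removal is not complete.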

299,304c303,313
<  * XXX
<  * This is a cheap way to *really* delete files.  Note that only regular
<  * files are deleted, directories (and therefore names) will remain.
<  * Also, this assumes a fixed-block file system (like FFS, or a V7 or a
<  * System V file system).  In a logging file system, you'll have to have
<  * kernel support.
 ---

> * Incorporates work of Peter Gutmann in his 1996 USENIX
> * paper "Secure Deletion of Data from Magnetic and
> * Solid-State Memory",
> * http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
> *
> * Note that only regular files are deleted, directories (and
> * therefore names) will remain. Also, this assumes a fixed-block
> * file system (like FFS, or a V7 or a System V file system). In
> * a logging file system, you'll have to have kernel support.
> *
> * Contributed in November 2002 by Alex Kirk <alex@schnarff.com>.
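
Review bot: The "Contributed in November 2002 by ..." line at the end of the new comment is authorship metadata rather than documentation of the code; I would drop it from the source and put the credit in the commit message. The old "XXX" marker is also removed even though the limitation it flagged (fixed-block file systems only, kernel support needed on a logging file system) is kept word for word, so consider keeping the marker until that limitation is actually addressed.
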
305a315,327
> #define HEX_VALS 27
> typedef unsigned char hexpattern[3];
> hexpattern vals[HEX_VALS] = {
> {0x55, 0x55, 0x55}, {0xAA, 0xAA, 0xAA}, {0x92, 0x49, 0x24},
> {0x49, 0x24, 0x92}, {0x24, 0x92, 0x49}, {0x00, 0x00, 0x00},
> {0x11, 0x11, 0x11}, {0x22, 0x22, 0x22}, {0x33, 0x33, 0x33},
> {0x44, 0x44, 0x44}, {0x55, 0x55, 0x55}, {0x66, 0x66, 0x66},
> {0x77, 0x77, 0x77}, {0x88, 0x88, 0x88}, {0x99, 0x99, 0x99},
> {0xAA, 0xAA, 0xAA}, {0xBB, 0xBB, 0xBB}, {0xCC, 0xCC, 0xCC},
> {0xDD, 0xDD, 0xDD}, {0xEE, 0xEE, 0xEE}, {0xFF, 0xFF, 0xFF},
> {0x92, 0x49, 0x24}, {0x49, 0x24, 0x92}, {0x24, 0x92, 0x49},
> {0x6D, 0xB6, 0xDB}, {0xB6, 0xDB, 0x6D}, {0xDB, 0x6D, 0xB6}
> };
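
Review bot: vals is declared as a writable global with external linkage and a very generic name, although only the overwrite code reads it. Make it file-local and read-only, for example "static const unsigned char vals[HEX_VALS][3]", and drop the one-use hexpattern typedef. The {0x55, 0x55, 0x55} and {0xAA, 0xAA, 0xAA} rows and the 0x92/0x49/0x24 rotations each appear twice; if that is intentional, say so in a comment so nobody later "deduplicates" the table and leaves HEX_VALS out of step.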

313a336
> int i, j, x, y;

330a354
>

339,345c363,381
<       PASS(0xff);
<       if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
<               goto err;
<       PASS(0x00);
<       if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
<               goto err;
<       PASS(0xff);
 ---

> #define RAND_PASS(num) { \
> for (i = 0; i < num; i++) { \
> x = abs(arc4random())%HEX_VALS; \
> y = i%3; \
> PASS(vals[x][y]); \
> if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) \
> goto err; \
> } \
> }
> RAND_PASS(5);
> for (i = 0; i < HEX_VALS; i++) {
> for (j = 0; j < 3; j++) {
> PASS(vals[i][j]);
> printf("Overwriting with %d...\n", vals[i][j]);
> if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
> goto err;
> }
> }
> RAND_PASS(5);
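
Review bot: In RAND_PASS, "x = abs(arc4random())%HEX_VALS" can yield a negative index. arc4random() returns an unsigned 32-bit value; passing it to abs() converts it to int, the value 0x80000000 becomes INT_MIN, abs(INT_MIN) is not representable, and the resulting negative x makes vals[x][y] read outside the table. Use the unsigned result directly (arc4random() % HEX_VALS) and declare x unsigned. Further points on this hunk: the printf("Overwriting with %d...\n", ...) looks like leftover debugging and would print 81 lines per file on every rm -P, so remove it. The main loop calls PASS once per byte of each three-byte entry, so a row such as {0x92, 0x49, 0x24} is written as three separate single-value fills and never as a repeating three-byte pattern; judging by the removed PASS(0xff) calls, PASS takes one fill value, so it would need a variant that fills the buffer with the whole row. RAND_PASS writes a randomly chosen table byte, not random data, so either fill the buffer from arc4random() or rename the macro. The macro body should also be wrapped in do { ... } while (0), since it is used as a statement.
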
rm.1: --- rm.1.orig Mon Nov 25 12:03:25 2002 +++ rm.1 Mon Nov 25 12:03:19 2002
@@ -82,13 +82,11 @@
options.
.It Fl P
Overwrite regular files before deleting them.
 -Files are overwritten three times, first with the byte pattern
 -.Li 0xff ,
 -then
 -.Li 0x00 ,
 -and then
 -.Li 0xff
 -again, before they are deleted.
+Files are overwritten thirty-three times, with the values suggested by
+Peter Gutman in his 1996 USENIX paper Secure Deletion of Data from
+Magnetic and Solid-State Memory for increased security, before they
+are deleted. Note that this cannot provide complete destruction of +files, but that it is better than simply deleting them. .It Fl R
Attempt to remove the file hierarchy rooted in each file argument. The
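
Review bot: The added text spells the author "Gutman", while the rm.c comment and the PR description both have "Gutmann"; fix the spelling here. "thirty-three" also needs to agree with the code, which as posted performs 5 + 27*3 + 5 overwrite passes. The paper title is run straight into the sentence; mark it up (for example with .Dq) so it reads as a title. "it is better than simply deleting them" is vague for a manual page; say what is overwritten and keep the statement that destruction is not complete.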

[demime 0.98d removed an attachment of type application/pgp-signature]

Received on Mon Nov 25 12:27:17 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:38 EDT

