Secure Delete utilities for Linux EXT3

Roger Oberholtzer roger
Mon May 17 12:01:24 PDT 2004


David:

I think we both read the initial post wrong. At first I thought what was
wanted was a way to unerase a file. So my first response was that. That
seems not to be the case. What is wanted is a way to delete a file and have
nothing left on the disk from it. So, there is no additional disk space
required for this. All that is happening is that the disk data is removed
before the file is deleted. Effectively, set it to some nonsense values. I
think this was a security related question. A preload module would make this
more complete. (But still not really fully complete.)

As to the other use we both got into (not the one the original post was
interested in), you are right. Note that the preload function is flexible.
It need not be a system-wide thing any more than the saferm would be. It
could have the same limited scope. Except (and my whole point) instead of
only targeting 'rm' when you want the functionality, you can target all
removals. 'rm' is just one program that removes files. I personally would
never tell a customer that they can unerase files in a certain context only
because one program (rm) has new features. There are too many other ways to
get rid of files. Like deleting them in kde/gnome/whatever.

On Thu, 15 Apr 2004 14:05:11 -0500
"David A. Bandel" <david at pananix.com> wrote:

> I don't want it shared.  That's why it's a function.  I use CVS.  I
> don't also want a safe rm, but some others might.  This, like aliases,
> is a personal user setting, not system-wide silliness to be thrust on
> the unsuspecting (or unwilling) by the unknowing trying to do the
> impossible for the ungrateful.

module preloading is NOT a system-wide thing. It is a per-shell and even
per-program thing. Remember that shell aliases only apply to shells that use
them. tclsh, wish, perl, python, etc. all would not see the alias. What
would their behavior be if they delete via a call to rm? With preloading it
is what you preload, independent of the program's ideas on things, which I
think is the point as rm does not offer the desired safe delete option. With
the alias it is only for shells that use them.

It is all a preference thing. If you only want to be protected from a
mistaken 'rm' in bash, saferm is the way to go. If you want a context where
file retrieval can be done independent of what deleted it, I think a preload
module is the way to go. Having said that, I fully and totally agree that a
system-wide action is bad. But I think you missed that module preloading is
even more flexible and selective than saferm.

As an aside, we had a customer ask us if we could stop all file deleting on
their systems. After a bit of thought, we decided that this was a bad thing.
Their problem is that they collect tons of data in a mobile system. After
data backup, they must delete the data that is no longer needed so there is
space for new data. If they make a mistake, it costs to recollect the data.
We eventually decided that a possible data recollection was better than some
strange deletion system. Also, they forgot that the reason they are deleting
is that they need the space. So, not removing the files was not an option.
Result: no system change. At the time, we looked at options like a
user-specific rm command. However, they could not promise to always delete
via a shell command. A preload module was the only way to intercede in all
delete attempts.


-- 
+----------------------------+-------------------------------+
| Roger Oberholtzer          |   E-mail: roger at opq.se        |
| OPQ Systems AB             |      WWW: http://www.opq.se/  |
| Nybrogatan 66 nb           |    Phone: Int + 46 8   314223 |
| 114 41 Stockholm           |   Mobile: Int + 46 733 621657 |
| Sweden                     |      Fax: Int + 46 8   314223 |
+----------------------------+-------------------------------+
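
The preload approach discussed in this message, as an added example (not code from the thread or its participants): a shared object that zeroes a regular file's data before any dynamically linked program in the chosen process removes it. The file name scrubrm.c, the helper scrub_at and the choice of zeros as the overwrite pattern are assumptions; it targets Linux with glibc.

```c
/* scrubrm.c (hypothetical name): zero a file's data before it is unlinked.
 * Build: cc -shared -fPIC -o scrubrm.so scrubrm.c
 * Use:   LD_PRELOAD=$PWD/scrubrm.so <program>   (per process, not system-wide) */
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Returns 1 if the data was overwritten, 0 if skipped (not a regular file,
 * or another hard link still names the data), -1 on error (e.g. no write
 * permission). Never follows symlinks. */
int scrub_at(int dirfd, const char *path)
{
    struct stat st;
    char zeros[4096];
    if (fstatat(dirfd, path, &st, AT_SYMLINK_NOFOLLOW) < 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_nlink > 1)
        return 0;
    int fd = openat(dirfd, path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    memset(zeros, 0, sizeof zeros);
    for (off_t left = st.st_size; left > 0; ) {
        size_t want = left < (off_t)sizeof zeros ? (size_t)left : sizeof zeros;
        ssize_t n = write(fd, zeros, want);
        if (n <= 0) { close(fd); return -1; }
        left -= n;
    }
    fsync(fd);              /* push the zeros to disk before the name goes */
    close(fd);
    return 1;
}

/* Interposed libc entry points; the real removal is done by raw syscall. */
int unlink(const char *path)
{
    scrub_at(AT_FDCWD, path);   /* best effort: removal proceeds regardless */
    return (int)syscall(SYS_unlinkat, AT_FDCWD, path, 0);
}

int unlinkat(int dirfd, const char *path, int flags)
{
    if (!(flags & AT_REMOVEDIR))
        scrub_at(dirfd, path);
    return (int)syscall(SYS_unlinkat, dirfd, path, flags);
}
```

Replacement by rename() and truncation also discard data without passing through these two calls, and statically linked programs are not affected by preloading.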