Secure Delete utilities for Linux EXT3

David A. Bandel david
Mon May 17 12:01:25 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 16 Apr 2004 09:31:42 +0200
Roger Oberholtzer <roger at opq.se> wrote:

> David:
> 
> I think we both read the initial post wrong. At first I thought what
> was wanted was a way to unerase a file. So my first response was that.
> That seems not to be the case. What is wanted is a way to delete a
> file and have nothing left on the disk from it. So, there is no
> additional disk space required for this. All that is happening is that
> the disk data is removed before the file is deleted. Effectively, set
> it to some nonsense values. I think this was a security related
> question. A preload module would make this more complete. (But still
> not really fully complete.)

That was the original question, but a follow-up post was looking for
something that did what Norton could do under DOS, prevent accidental
deletions by storing files which were later deleted.

> 
> As to the other use we both got into (not the one the original post
> was interested in), you are right. Note that the preload function is
> flexible. It need not be a system-wide thing any more than the saferm
> would be. It could have the same limited scope. Except (and my whole
> point) instead of only targeting 'rm' when you want the functionality,
> you can target all removals. 'rm' is just one program that removes
> files. I personally would never tell a customer that they can unerase
> files in a certain context only because one program (rm) has new
> features. There are too many other ways to get rid of files. Like
> deleting them in kde/gnome/whatever.

Fine.  But what I remember of the TSR program that Norton had, it was
targeted at not accidentally deleting something via the DOS delete
command and nothing more.  It wasn't about stopping (or saving)
temporary files from deletion.  Also, I went to something that could be
individually done by non-power users if necessary.  Functions are badly
under-used.  Even RedHat and SuSE want to alias rm to rm -i (extremely
annoying that) rather than write a saferm function which a cron job
would clean up after nightly (for files more than 2 weeks or 30 days
old).

> 
>  On Thu, 15 Apr 2004 14:05:11 -0500
> "David A. Bandel" <david at pananix.com> wrote:
> 
> > I don't want it shared.  That's why it's a function.  I use CVS.  I
> > don't also want a safe rm, but some others might.  This, like
> > aliases, is a personal user setting, not system-wide silliness to be
> > thrust on the unsuspecting (or unwilling) by the unknowing trying to
> > do the impossible for the ungrateful.
> 
> Module preloading is NOT a system-wide thing. It is a per-shell and
> even per-program thing. Remember that shell aliases only apply to
> shells that use them. tclsh, wish, perl, python, etc. all would not
> see the alias. What would their behavior be if they delete via a call
> to rm? With preloading it is what you preload, independent of the
> program's ideas on things, which I think is the point as rm does not
> offer the desired safe delete option. With the alias it is only for
> shells that use them.

Aliases and functions work in almost all shells.  I think you'd be hard
pressed to find one that won't support it.

> 
> It is all a preference thing. If you only want to be protected from a
> mistaken 'rm' in bash, saferm is the way to go. If you want a context
> where file retrieval can be done independent of what deleted it, I
> think a preload module is the way to go. Having said that, I fully and
> totally agree that a system-wide action is bad. But I think you missed
> that module preloading is even more flexible and selective than
> saferm.

OK, but I interpreted the comparison to Norton's TSR to mean they wanted
something to protect against accidental rm by the user, not purposeful
deletions by programs (most likely of temporary files).  Functions are
only slightly more difficult to implement than aliases but much more
powerful and can be overridden on the command line by full-pathing the
command.

> 
> As an aside, we had a customer ask us if we could stop all file
> deleting on their systems. After a bit of thought, we decided that
> this was a bad thing. Their problem is that they collect tons of data
> in a mobile system. After data backup, they must delete the data that
> is no longer needed so there is space for new data. If they make a
> mistake, it costs to recollect the data. We eventually decided that a
> possible data recollection was better than some strange deletion
> system. Also, they forgot that the reason they are deleting is that
> they need the space. So, not removing the files was not an option.
> Result: no system change. At the time, we looked at options like a
> user-specific rm command. However, they could not promise to always
> delete via a shell command. A preload module was the only way to
> intercede in all delete attempts.

I wouldn't have entertained this with any more than an "of course you're
joking" comment.

Ciao,

David A. Bandel
- -- 
Focus on the dream, not the competition.
		Nemesis Racing Team motto
GPG key autoresponder:  mailto:david_key at pananix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgBxIj31PLQNUbV4RAre+AKCKEkpzG+GzkCAAhjvshjsA5nIlhQCfe6sS
MoVHkWNu7P1x3PwbUtft5yY=
=+VSN
-----END PGP SIGNATURE-----
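
The per-user saferm function with a nightly cleanup that the message above describes, written out as an added example; it is not code from either poster. The names `saferm`, `saferm_purge` and `SAFERM_TRASH` and the holding-directory location are assumptions.

```shell
# Added example (hypothetical names): source this from ~/.bashrc for a
# per-user setting. Nothing here is system-wide.
SAFERM_TRASH="${SAFERM_TRASH:-$HOME/.saferm-trash}"

# Move files into a private holding directory instead of unlinking them.
# Full-pathing the real command (/bin/rm) still deletes immediately.
saferm() {
    [ "$#" -gt 0 ] || { echo "usage: saferm FILE..." >&2; return 2; }
    # 0700 so retained copies are not readable by other users.
    mkdir -p "$SAFERM_TRASH" && chmod 700 "$SAFERM_TRASH" || return 1
    saferm_rc=0
    for saferm_f in "$@"; do
        if [ ! -e "$saferm_f" ] && [ ! -L "$saferm_f" ]; then
            echo "saferm: $saferm_f: no such file" >&2
            saferm_rc=1
            continue
        fi
        # One slot per file: same-named files never collide, and the slot's
        # mtime records when the file was removed (mv keeps the file's own
        # mtime, which says nothing about deletion time).
        saferm_slot=$(mktemp -d "$SAFERM_TRASH/$(date +%Y%m%d-%H%M%S).XXXXXX") \
            || { saferm_rc=1; continue; }
        mv -- "$saferm_f" "$saferm_slot/" || saferm_rc=1
    done
    return "$saferm_rc"
}

# Cleanup for the nightly cron job: remove slots older than N days
# (default 30). cron does not see shell functions, so the job has to
# source this file before calling saferm_purge.
saferm_purge() {
    saferm_days="${1:-30}"
    [ -d "$SAFERM_TRASH" ] || return 0
    find "$SAFERM_TRASH" -mindepth 1 -maxdepth 1 -type d \
        -mtime +"$saferm_days" -exec rm -rf -- {} +
}
```

The retained copies stay on disk until purged, so this addresses accidental deletion only; it is the opposite of the secure delete asked about in the original post.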