Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
06-23-2006, 05:50 PM
#1
LQ Newbie
Registered: Jun 2006
Posts: 1
crypto, "shred", ext3, and loop device
I would like to decrypt certain data into a file, use the file, and when done, "wipe" the file using something like "wipe" or "shred".
However, my file system is "ext3", and I am told that following a "shred", journal entries could still exist containing sensitive data.
Also, I don't have any free partitions to use for doing this, which would solve the problem easily.
So, I am wondering if the following would work:
1. Create, say, a 20 MB file in the ext3 partition.
2. Using mkfs, create an "ext2"-type filesystem (with no journalling) in that file.
3. Mount the file as a loop device.
4. Create files containing the decrypted, sensitive data in that mounted filesystem, run "shred", and delete the files.
If I do this, could there still be any sensitive data hanging around in the ext3 journals (or anywhere else)?
Thanks, if anyone can shed light on this.
David Geller
06-23-2006, 08:58 PM
#3
Member
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304
You got me interested. The ramdisks don't take up any space until you use them, so you can specify them to be big.
And you can change the size without rebooting.
http://www.linuxfocus.org/English/No...rticle124.html
Of course you need to have 20 MB of RAM spare - surely?
06-23-2006, 09:03 PM
#4
Member
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304
Seems you can only change the default size without rebooting if your ramdisk support is a module of the kernel, not if it's compiled in (like mine).
06-23-2006, 09:09 PM
#5
Member
Registered: Jul 2001
Location: California, US
Distribution: Slackware
Posts: 196
Try using tmpfs; it's better suited for what you're trying to do. However, make sure you write over all 20 megs (or however large you make it) so it doesn't get stuck in memory once you're done. On another note, though, I don't believe the ext3 journal stores anything other than inode location, filename and file size.
Last edited by phek; 06-23-2006 at 10:26 PM.
06-23-2006, 10:21 PM
#6
Member
Registered: Mar 2004
Posts: 135
Quote:
Originally Posted by bernied
That's really good stuff.
06-26-2006, 02:26 AM
#7
Member
Registered: Jun 2005
Posts: 542
Quote:
Originally Posted by phek
I don't believe the ext3 journal stores anything other than inode location, filename and file size.
You're right. By default, ext3 only stores meta-data in this journal, and you may change/revert this. See tune2fs(8).
06-26-2006, 07:25 AM
#8
Member
Registered: Nov 2005
Posts: 144
Quote:
Originally Posted by phek
On another note though, I don't believe the ext3 journal stores anything other than inode location, filename and file size.
Ext3 can be set to store the whole file in the journal, but the default is storing just inodes and meta-data.
But the problem with ext3 (and any modern filesystem) is not the journal, but the fact that it normally doesn't write new data in the same sectors as previous stuff. E.g. if you 'overwrite' a file, the file system might in fact just store the new data on a different physical location on the disk and update the inodes, with the old data still on disk and recoverable, given enough time.
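A check the thread's advice calls for, added here as an example and not code from any of the posters: read the ext2/ext3 superblock of an image file (such as the 20 MB loop file from post #1) or a block device and report whether it carries a journal at all and which data journaling mode it defaults to, which is what tune2fs(8) sets and what posts #7 and #8 discuss. The byte offsets are the standard ext2 superblock layout; the sample superblocks are constructed inline, and the function names are my own.

```python
import struct

# Standard ext2/ext3 on-disk superblock layout (superblock starts 1 KiB into the device).
SUPERBLOCK_OFFSET = 1024
EXT2_SUPER_MAGIC = 0xEF53              # s_magic at 0x38
FEATURE_COMPAT_HAS_JOURNAL = 0x0004    # s_feature_compat bit: an ext3 journal is present
DEFM_JMODE_MASK = 0x0060               # journaling-mode bits of s_default_mount_opts
JMODES = {0x0000: "unset", 0x0020: "journal", 0x0040: "ordered", 0x0060: "writeback"}

def inspect_superblock(image: bytes) -> dict:
    """Return what the superblock says about journaling.
    image: at least the first 2 KiB of an ext2/ext3 image or device."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < 1024:
        raise ValueError("need at least 2048 bytes to read the superblock")
    magic, = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT2_SUPER_MAGIC:
        raise ValueError(f"not an ext2/ext3 superblock (magic {magic:#06x})")
    feature_compat, = struct.unpack_from("<I", sb, 0x5C)
    default_mount_opts, = struct.unpack_from("<I", sb, 0x100)
    has_journal = bool(feature_compat & FEATURE_COMPAT_HAS_JOURNAL)
    jmode = JMODES[default_mount_opts & DEFM_JMODE_MASK]
    return {
        "has_journal": has_journal,
        "default_data_mode": jmode if has_journal else "n/a (ext2, no journal)",
        # File contents pass through the journal only in data=journal mode. Note the
        # superblock records only the default; a mount-time -o data=journal overrides it.
        "data_may_hit_journal": has_journal and jmode == "journal",
    }

def make_sample_superblock(has_journal: bool, jmode: int = 0) -> bytes:
    """Constructed 2 KiB image carrying only the fields this check reads."""
    sb = bytearray(1024)
    struct.pack_into("<H", sb, 0x38, EXT2_SUPER_MAGIC)
    struct.pack_into("<I", sb, 0x5C, FEATURE_COMPAT_HAS_JOURNAL if has_journal else 0)
    struct.pack_into("<I", sb, 0x100, jmode)
    return bytes(1024) + bytes(sb)

def inspect_file(path: str) -> dict:
    """Run the check on a real image or device, e.g. the loop file before mounting it."""
    with open(path, "rb") as f:
        return inspect_superblock(f.read(2048))

if __name__ == "__main__":
    for label, img in [("ext2 loop file", make_sample_superblock(False)),
                       ("ext3, default ordered", make_sample_superblock(True, 0x0040)),
                       ("ext3, tune2fs -o journal_data", make_sample_superblock(True, 0x0020))]:
        print(label, inspect_superblock(img))
```

Reading the superblock of a block device needs read permission on the device node, so run `inspect_file` on the partition as root; on the loop file itself an ordinary user who owns the file can run it.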
06-26-2006, 07:46 AM
#9
Member
Registered: Jun 2005
Posts: 542
Quote:
Originally Posted by Lotharster
But the problem with ext3 (and any modern filesystem) is not the journal, but the fact that it normally doesn't write new data in the same sectors as previous stuff. E. g. if you 'overwrite' a file, the file system might in fact just store the new data on a different physical location on the disk and update the inodes with the old data still on disk and recoverable, given enough time.
I'm not 100% sure, but it isn't the case with ext3 which is said to be only ext2 + a journal. It applies to log structured filesystems and the like.