LinuxQuestions.org
Old 06-23-2006, 05:50 PM   #1
expaand
LQ Newbie
 
Registered: Jun 2006
Posts: 1

Rep: Reputation: 0
crypto, "shred", ext3, and loop device


I would like to decrypt certain data into a file, use the file, and when done, "wipe" the file using something like "wipe" or "shred".

However, my file system is "ext3", and I am told that following a "shred", journal entries could still exist containing sensitive data.

Also, I don't have any free partitions to use for doing this, which would solve the problem easily.

So, I am wondering if the following would work:

1. Create, say, a 20 MB file in the ext3 partition.
2. Using mkfs, create an "ext2" type filesystem (with no journalling) in that file.
3. Mount the file as a loop device.
4. Create files containing the decrypted, sensitive data in that mounted filesystem, run "shred", and delete the files.

If I do this, could there still be any sensitive data hanging around in the ext3 journals (or anywhere else)?

Thanks, if anyone can shed light on this.

David Geller
 
Old 06-23-2006, 08:46 PM   #2
bernied
Member
 
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304

Rep: Reputation: 30
Could you use a ramdisk?
Here's someone who did it for the same reason:
http://www.vanemery.com/Linux/Ramdisk/ramdisk.html
 
Old 06-23-2006, 08:58 PM   #3
bernied
Member
 
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304

Rep: Reputation: 30
You got me interested. The ramdisks don't take up any space until you use them, so you can specify them to be big.
And you can change the size without rebooting.
http://www.linuxfocus.org/English/No...rticle124.html
Of course you need to have 20 MB of RAM spare - surely?
 
Old 06-23-2006, 09:03 PM   #4
bernied
Member
 
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304

Rep: Reputation: 30
Seems you can only change the default size without rebooting if your ramdisk support is a module of the kernel, not if it's compiled in (like mine).
 
Old 06-23-2006, 09:09 PM   #5
phek
Member
 
Registered: Jul 2001
Location: California, US
Distribution: Slackware
Posts: 196

Rep: Reputation: 30
Try using tmpfs; it's better suited for what you're trying to do. However, make sure you write over all 20 megs, or however large you make it, so it doesn't get stuck in memory once you're done. On another note though, I don't believe the ext3 journal stores anything other than inode location, filename and file size.

Last edited by phek; 06-23-2006 at 10:26 PM.
 
Old 06-23-2006, 10:21 PM   #6
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
Quote:
Originally Posted by bernied
Could you use a ramdisk?
Here's someone who did it for the same reason:
http://www.vanemery.com/Linux/Ramdisk/ramdisk.html
That's really good stuff.
 
Old 06-26-2006, 02:26 AM   #7
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally Posted by phek
I don't believe the ext3 journal stores anything other than inode location, filename and file size.
You're right. By default, ext3 only stores meta-data in this journal and you may change/revert this. See tune2fs(8).
 
Old 06-26-2006, 07:25 AM   #8
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
Quote:
Originally Posted by phek
On another note though, I don't believe the ext3 journal stores anything other than inode location, filename and file size.
Ext3 can be set to store the whole file in the journal, but the default is storing just inodes and meta-data.

But the problem with ext3 (and any modern filesystem) is not the journal, but the fact that it normally doesn't write new data in the same sectors as previous stuff. E.g. if you 'overwrite' a file, the file system might in fact just store the new data on a different physical location on the disk and update the inodes with the old data still on disk and recoverable, given enough time.
 
Old 06-26-2006, 07:46 AM   #9
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally Posted by Lotharster
But the problem with ext3 (and any modern filesystem) is not the journal, but the fact that it normally doesn't write new data in the same sectors as previous stuff. E.g. if you 'overwrite' a file, the file system might in fact just store the new data on a different physical location on the disk and update the inodes with the old data still on disk and recoverable, given enough time.
I'm not 100% sure, but it isn't the case with ext3 which is said to be only ext2 + a journal. It applies to log structured filesystems and the like.
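
The journal-mode points from posts #5, #7 and #8, turned into a check to run before relying on shred; this is an added example, not something posted in the thread. It classifies the filesystem behind a path from a /proc/mounts-style table; the function names, the sample table and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mount table format is that of
# /proc/mounts: device mountpoint fstype options dump pass

# Constructed sample table: ext3 root (default mode), ext3 with data=journal,
# a loop-mounted ext2 image, and a tmpfs.
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda3 /srv ext3 rw,data=journal 0 0
/dev/loop0 /mnt/sec ext2 rw 0 0
tmpfs /mnt/ram tmpfs rw,size=20m 0 0
EOF
}

# Print "fstype options" of the longest mount point that contains path $2.
backing_mount() {   # $1 = mount table file, $2 = absolute path
    awk -v p="$2" '
        { mp = $2
          # Match "/" or a whole-component prefix, so /mnt/sec does not
          # claim /mnt/secret.
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) &&
              length(mp) >= best) { best = length(mp); out = $3 " " $4 } }
        END { if (out == "") exit 1; print out }
    ' "$1"
}

# Classify what an in-place overwrite on that filesystem leaves to the journal.
journal_exposure() {   # $1 = mount table file, $2 = absolute path
    m=$(backing_mount "$1" "$2") || { echo unknown; return 1; }
    fstype=${m%% *}
    opts=",${m#* },"
    case "$fstype" in
        tmpfs) echo ram-backed ;;
        ext2)  echo no-journal ;;
        ext3)  # Assumption: the active data= mode is listed in the options;
               # no data=journal is read as the metadata-only default.
               case "$opts" in
                   *,data=journal,*) echo journal-holds-file-data ;;
                   *)                echo journal-metadata-only ;;
               esac ;;
        *)     echo unknown ;;
    esac
}

# Demo on the constructed table.
t=$(mktemp) && sample_mounts > "$t"
for p in /home/u/plain.txt /srv/plain.txt /mnt/sec/plain.txt /mnt/ram/plain.txt
do printf '%s -> %s\n' "$p" "$(journal_exposure "$t" "$p")"; done
rm -f "$t"
```

For a loop-mounted image, run the check on the path of the image file as well, since its blocks live on the underlying filesystem.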
 
  

