LinuxQuestions.org

LinuxQuestions.org (http://www.linuxquestions.org/questions/index.php)
-   Linux - Security (http://www.linuxquestions.org/questions/forumdisplay.php?f=4)
-   -   Kernel level secure file deletion? (http://www.linuxquestions.org/questions/showthread.php?t=538510)

Bryan88 03-18-2007 10:34 AM

Kernel level secure file deletion?
 
I was reading in the news lately about copiers, scanners, and other devices (ATM's, anyone???), that have have been stolen and possibly personal information compromised from recovered deleted files. I find this scarey with all the personal stuff I've copied over the years, ATM's I've used, and airline tickets that have been scanned.

Is there any code available that can be inserted during a kernel build, so that 'rm' calls become some sort of secure over-writing during deletion? Maybe even only 1 pass is necessary. I know tools are available for this manually after the fact (and they are of dubious value in journaling file systems). I think a kernel based system is the only possible way to go.

(I thought about encrypted files systems; however, if they have stolen the entire device, they probably have the key too!)

I am just thinking of all of the embedded devices and shared use terminals that use Linux, writing temporary files all over the place.

Any ideas if such kernel code options exists?

Bryan

b0uncer 03-18-2007 12:28 PM

I haven't heard of any, but would that not be slow? To overwrite each file during deletion, for example, would slow down the system considerably. For example if you use shred to do the job manually you'll notice that one or two or a few rounds won't make a difference on small files, but then again, it's not that secure. To get something done for sure you would need to do the loop quite a many times (at least some dozens I imagine), and even if that works for small files, try to do that for big files. I would rip my hair off doing that. And surely not everything on your harddisk is so valuable that you'd need to shred it (for example temporary files created during surfing Yahoo.com), so it's no use to overwrite all deleted files. In my opinion a better way is to encrypt those files you consider really valuable, and if they're really that valuable, maybe use a portable disk for them and lock it up in a bank or something for the time you aren't looking after it. And when it comes to getting rid of the disk, then spend a night or two shredding the files or doing something else similar, maybe even open the thing up, spit on it and play around with magnets.

You are correct, it's scary, but then again your personal data is more probably "stolen" when you talk on the phone (somebody's listening to it or recording it), send emails (unless you encrypt each one of them, and I bet you don't) or talk to a friend (did you check the painting for microphones?). Getting your [device name here] stolen and read, after breaking up the encryption and recovering deleted files doesn't sound that probable. And if you do encrypt the files, why on earth would you write the key on the device (you said "if they have stolen the entire device, they probably have the key too", but that doesn't sound probable if you only have the key in your mind and not physically anywhere)? First step of security is to not have keys hanging around for anybody to read.

What you are afraid of is in my opinion just as probable as somebody sniffing your machine without you knowing it. The bad side is, it's probably easier to sniff than steal the whole machine, and probably more difficult to prevent sniffing than prevent stealing&reading your personal data physically.

Interesting if you find some way to get the kernel do some "low level deleting", but I call it a waste of time and resources. There are better ways to achieve the same level of security, and no way to get 100% bullet-proof security.

OlRoy 03-18-2007 12:49 PM

I've read, and knowing a little about forensics I wouldn't be surprised if it was true, that you only need to overwrite a file once to securely delete it. The only reason why the government requires more passes is just incase sometime in the future someone figures out how to recover overwritten files. Plus they require more passes because there threat model is much bigger than the average Joe. Any sensitive material I want to delete I just use one pass.


All times are GMT -5. The time now is 04:05 AM.