LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-05-2005, 05:26 PM   #16
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34

Quote:
Originally posted by ddaas
the test I've made is relevant.

I write some text in a file, then #shred file_name and then #strings /dev/hda1 | grep 'mytext'
I could find the text.
The test I've made on ext3 file system.
Chances are that you're seeing the journal.
For a proper test you'd have to use an external journal or create a journal with the smallest size possible and do some heavy filesystem work before shredding the file.

According to the mke2fs manpage:
Quote:
The size of the journal must be at least 1024 filesystem blocks (i.e., 1MB if using 1k blocks, 4MB if using 4k blocks)
tune2fs -l /dev/hdaZ | grep "Block size"
mke2fs -J size=X /dev/hdaZ

Quote:
So there is no secure delete with classical tools on journalized file system...
There may be some hope with ext3 if "ext3 == ext2 + journal"


Always make sure your wipe program uses fsync to avoid copy-on-capture optimization when overwriting

Last edited by primo; 08-05-2005 at 05:44 PM.
 
Old 08-11-2005, 02:10 PM   #17
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Rep: Reputation: 30
The easy way i found to deal with this problem was to create a ramdisk, then do anything i need to with gpg etc on the ramdisk.

If you need to remove it, you either switch the machine off, or if your totally paranoid run smem or sfill, then format the ramdisk (followed by powerdown).

If your looking for a way to instantly make data unrecoverable to the majority of people, do it in ram.

My friend took it one step further and created an encrypted ramdisk, but i'd view that as taking it to the extreme.

At the end of it all, i recommend thc's secure deletion suite, and a program called scrub i got from here: http://www.llnl.gov/linux/scrub/scrub.html

I use them both to totally clean up.
 
Old 08-13-2005, 12:37 AM   #18
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
My friend took it one step further and created an encrypted ramdisk, but i'd view that as taking it to the extreme.
I think it's healthy paranoia because /dev/ram* may be read by uid=root or gid=disk or via /dev/mem with the same uid or gid=kmem (gid's may vary on each system)
Also, ramdisks could be remounted and data will still be there.

I've been using encrypted loop devices when encrypting/decrypting/modifying my passwords file. An encrypted ramdisk is a good idea because it's faster (which is perfect for large files). The problem with ramdisks is that this RAM is not reusable by the kernel later (it will always be allocated for that particular ram device) and the only way to free up this space is to reboot.

An extra step of paranoia would be to turn off swap if it isn't encrypted. Fortunately, gnupg uses mlock() to prevent the buffer it uses from being paged to disk

Last edited by primo; 08-13-2005 at 12:46 AM.
 
Old 08-14-2005, 02:46 AM   #19
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Rep: Reputation: 30
If you really have to do things on hard drive storage, use ext2 partitions, and prepare to spend hours using sfill, and the eventual fsck errors that come with it. If you just really need an area to do secure things whack a gig of ram in a machine and use a 256mb ramdisk w/encryption, and use a script to wipe it and reformat it after use.

Its a sticky subject, you can take things way to far, to the point of making things ultra complicated. If you are encrypting the ramdisk, do you generate a one time random key each time to another ramdisk, or just use a single key on safe media, etc.

The only true effective way to secure that data though is an angle grinder or a chemical called thermite.

The fact that the US gov takes there hard drives, grinds them to dust then stores the dust in barrels in high security compounds for a time period of around 50-100 years, gives you an idea of how extreme you can take it to.
 
Old 08-15-2005, 01:50 AM   #20
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
I was pointing at the fact that a temporary encrypted filesystem is better than a ramdisk in most cases because this memory can't be reused (at least, this is what states the fairly old documentation in the linux kernel). If it did (which would be desiderable in some cases), then this memory would be assigned to processes and either you or the kernel should have to wipe its bytes before being mapped to any process.

Quote:
The fact that the US gov takes there hard drives, grinds them to dust then stores the dust in barrels in high security compounds for a time period of around 50-100 years, gives you an idea of how extreme you can take it to.
I don't know if it's proper to talk about politics here (specially "these times"), but I'd state the obvious: the modern way of life is self-destructive in an very absurd and pointless way. I myself would never trash a hard drive that way because environmental concerns are more important to me than security ones. (Note that a hard drive costs money too, but the environment variable is never accounted for, and when it is, most of the time it's put behind. This must change on the immediate future and will be the world's primary concern when the consequences of our collective actions become obvious)

Pseudo-representative entities of any kind are like strange specimen with strange needs and appear to have a life of its own. Exactly what gives them the right?
People's inertia and apathy is what lets them to do the stupid things they do

For an example of this, see http://www.theregister.co.uk/2005/08...nuclear_waste/

Last edited by primo; 08-15-2005 at 01:53 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Newbie advice on how to learn Linux J_K9 General 3 06-21-2005 01:21 PM
Advice needed for linux newbie! tranceybowler Linux - Newbie 14 01-29-2005 05:40 AM
Newbie Help - Linux Installation Advice Dabomb665m Linux - Newbie 5 06-28-2004 10:53 PM
What are some Newbie essential Linux tools? coopns Linux - Newbie 1 05-25-2004 07:54 AM
Linux Newbie seeking advice on proper security for 7.3 web server... marvc Linux - Security 3 03-24-2003 02:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration