[17152] in bugtraq
Re: Shred 1.0 Bug Report
daemon@ATHENA.MIT.EDU (Wietse Venema)
Wed Oct 11 18:08:19 2000
Message-ID: <20001011103354.2DE274565A@spike.porcupine.org>
Date: Wed, 11 Oct 2000 06:33:54 -0400
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
X-To: "M. Leo Cooper" <thegrendel@theriver.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.20.0010102308590.612-100000@localhost> from "M. Leo
Cooper" at "Oct 10, 0 11:43:11 pm"
M. Leo Cooper:
> It has been a couple of years since I actively worked on "shred". In
> response to your e-mail, Jeff, when I tested the program, it no longer
> worked as specified. In fact, when compiled on a glibc 2.1 machine,
> "shred" coredumps. It appears that this package is a victim of the
> changes made to libc.

The shredding problem is not in libc.

The problem is that shred(1) should have called fsync() after each
overwrite iteration, in order to request that data be flushed from
the kernel buffers to the disk blocks.

> I therefore advise discontinuation of the use of the "shred" package. I
> have no plans to bugfix or update it, since Tom Vier's "wipe" package
> accomplishes the same job, and in a more thorough fashion.
>
> Jeff, I do have to question whether it was appropriate to notify
> Bugtraq, since "shred" was never, to my knowledge, a part of any Linux
> distribution.

shred(1) installs with redhat 6.2, out of the box. Beware, software
never dies. Once you release it things are out of your control.

> Thanks for the notification.

Wietse
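
The fsync()-per-pass behaviour described in the message above, as an added example that is not part of the original post and is not code from the shred package. The function name overwrite_passes and the pattern bytes a caller supplies are assumptions made for illustration.

```c
/* Added example: multi-pass overwrite that calls fsync() after every pass. */
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Overwrite every byte of `path` once per entry in `patterns`, calling
 * fsync() after each pass. Returns 0 on success, -1 on any error.
 * (Hypothetical helper name, not taken from shred.) */
int overwrite_passes(const char *path, const unsigned char *patterns, int npasses)
{
    unsigned char buf[4096];
    struct stat st;
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0)
        goto fail;

    for (int p = 0; p < npasses; p++) {
        off_t left = st.st_size;
        memset(buf, patterns[p], sizeof buf);
        if (lseek(fd, 0, SEEK_SET) < 0)      /* rewind for this pass */
            goto fail;
        while (left > 0) {
            size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
            ssize_t n = write(fd, buf, want);
            if (n <= 0)
                goto fail;                   /* write error aborts the run */
            left -= n;                       /* a short write just loops again */
        }
        /* Without this call the passes can be merged in the kernel buffer
         * cache, so that only the final pattern is ever written to disk. */
        if (fsync(fd) < 0)
            goto fail;
    }
    return close(fd);
fail:
    close(fd);
    return -1;
}
```

A failed fsync() is treated as a failed run, since in that case the pass may not have reached the disk blocks.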