[17159] in bugtraq
Re: Shred v1.0 Fix
daemon@ATHENA.MIT.EDU (Wietse Venema)
Wed Oct 11 19:10:32 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID: <20001011182428.B168D45667@spike.porcupine.org>
Date: Wed, 11 Oct 2000 14:24:28 -0400
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
X-To: Jeff Harlan <Jeff.Harlan@mail.sprint.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39E4ADA2.A5CBEDA9@mail.sprint.com> from Jeff Harlan at "Oct 11,
0 11:12:50 am"
Beware, this patch does not work. The author of the patch has
credited me but has decided to ignore my advice, which was in the
form of both English text and C program code.
To properly overwrite data, this program should:
1 - Call fsync() not sync(). The sync() routine returns BEFORE the
data is written to disk. fsync() blocks while the disk is updated.
2 - Call fflush(fp) before calling fsync(). The present code syncs
while the data is still in the application's standard I/O buffers.
3 - Inspect every library/system call for an error return and acct
accordingly.
Wietse
Jeff Harlan:
> Greetings,
>
> Since the Shred package is no longer supported
> I threw this patch together. Thanks for input
> from Wietse Venema and G_nthER H. Leber.
>
> This version of shred.c works with my RedHat 6.0
> machine, but that's the only warranty I'm offering.
>
> Changes are noted in the comments. To use replace
> shred.c in the original Shred 1.0 distribution with
> the attached shred.c and type make.
>
> Here's output from testing the new shred program:
>
> [root shred]# ls -il shred.me
> 1464474 -rw-rw-r-- 1 root root 16 Oct 11 10:44 shred.me
> [root shred]# icat /dev/hda5 1464474
> shred this file
> [root shred]# ./shred shred.me
>
>
> Are you sure you want to delete shred.me? y
>
> 1000 bytes have been overwritten.
> The file shred.me has been destroyed!
>
> [root shred]# icat /dev/hda5 1464474 | od -x
> 0000000 1b6d 3d32 6637 5e27 4934 4352 2819 342c
> 0000020 7076 7603 573a 7a23 6502 0035 182c 190f
> 0000040 4133 6a56 7d27 5b48 1a47 601e 4a42 3915
> 0000060 183a 742f 526f 716f 2437 6371 003c 707c
> 0000100 5341 685a 2350 1743 613d 0078 0d2b 6539
> 0000120 6825 145a 493a 7205 766d 2955 5277 3819
> ... (more pseudorandom data)
>
>
> Jeff
>
> jeff.harlan@mail.sprint.com
[Attachment, skipping...]
