[17179] in bugtraq
Re: Shred 1.0 Bug Report
daemon@ATHENA.MIT.EDU (Alfred Perlstein)
Thu Oct 12 15:00:18 2000
Message-ID: <20001011162008.U272@fw.wintelcom.net>
Date: Wed, 11 Oct 2000 16:20:08 -0700
Reply-To: Alfred Perlstein <bright@WINTELCOM.NET>
From: Alfred Perlstein <bright@WINTELCOM.NET>
X-To: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001011103354.2DE274565A@spike.porcupine.org>; from
wietse@PORCUPINE.ORG on Wed, Oct 11, 2000 at 06:33:54AM -0400

* Wietse Venema <wietse@PORCUPINE.ORG> [001011 14:48] wrote:
> M. Leo Cooper:
> > It has been a couple of years since I actively worked on "shred". In
> > response to your e-mail, Jeff, when I tested the program, it no longer
> > worked as specified. In fact, when compiled on a glibc 2.1 machine,
> > "shred" coredumps. It appears that this package is a victim of the
> > changes made to libc.
>
> The shredding problem is not in libc.
>
> The problem is that shred(1) should have called fsync() after each
> overwrite iteration, in order to request that data be flushed from
> the kernel buffers to the disk blocks.

Programs like shred are particularly bad; they offer a false sense
of security. This instance shows a complete lack of understanding
of how most UNIX filesystems are implemented.

Shred won't work reliably on:
a) data logging filesystems
b) transactional filesystems
c) filesystems that perform online defrag (FreeBSD-FFS+reallockblks)
d) filesystems that offer snapshot capabilities
e) (well, I'm sure there's more)

Programs like this offer a false sense of security. The proper way
to do it is to implement some sort of 'scrub(2)' syscall that
informs the filesystem code to accomplish the task; otherwise you
risk missing the data on the disk. There is no way for something
like this to work entirely from userland on an advanced filesystem
without its assistance.

> > I therefore advise discontinuation of the use of the "shred" package. I
> > have no plans to bugfix or update it, since Tom Vier's "wipe" package
> > accomplishes the same job, and in a more thorough fashion.
> >
> > Jeff, I do have to question whether it was appropriate to notify
> > Bugtraq, since "shred" was never, to my knowledge, a part of any Linux
> > distribution.
>
> shred(1) installs with redhat 6.2, out of the box. Beware, software
> never dies. Once you release it things are out of your control.

shred should die. Anyone relying on it deserves their bits stolen
and posted on usenet.

much love,
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
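
The fsync()-per-pass behaviour described in the quoted text above, as an added example that is not part of the original message and is not shred's own code. The names overwrite_passes and demo, the temp-file path and the pattern bytes are assumptions made for illustration; as the reply points out, this reaches the original disk blocks only on filesystems that rewrite data in place.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Overwrite the file behind `fd` once per pattern byte, calling fsync() after
 * every pass so the kernel cannot merge passes in its buffer cache and write
 * only the last one. Returns 0 on success, -1 on any error. */
int overwrite_passes(int fd, const unsigned char *pat, size_t npass)
{
    unsigned char buf[4096];
    off_t size = lseek(fd, 0, SEEK_END);
    if (size < 0) return -1;
    for (size_t p = 0; p < npass; p++) {
        memset(buf, pat[p], sizeof buf);
        for (off_t off = 0; off < size; ) {
            off_t left = size - off;
            size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
            ssize_t n = pwrite(fd, buf, want, off);
            if (n <= 0) return -1;
            off += n;
        }
        if (fsync(fd) < 0) return -1;   /* the call the thread says was missing */
    }
    return 0;
}

/* Self-check on a constructed temp file: 0 if only the last pattern remains. */
int demo(void)
{
    char path[] = "/tmp/scrub_demo_XXXXXX";
    const unsigned char pats[] = { 0xFF, 0x00, 0xAA };
    unsigned char data[10000];
    int fd = mkstemp(path), ok = -1;
    if (fd < 0) return -1;
    memset(data, 'S', sizeof data);     /* constructed stand-in for a secret */
    if (write(fd, data, sizeof data) == (ssize_t)sizeof data
        && overwrite_passes(fd, pats, 3) == 0
        && pread(fd, data, sizeof data, 0) == (ssize_t)sizeof data) {
        ok = 0;
        for (size_t i = 0; i < sizeof data; i++)
            if (data[i] != 0xAA) ok = -1;
    }
    close(fd);
    unlink(path);
    return ok;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```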