Date: Thu, 18 Nov 1999 22:49:05 -0700
From: Wes Peters
Organization: Softweyr LLC
To: trouble@netquick.net
Cc: Barrett Richardson, David G Andersen, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: secure filesystem wiping

TrouBle wrote:
>
> will you all take a look at this, this is what I am looking for!!
>
> Wipe is a tool that effectively degausses the surface of a hard
> disk, making it virtually impossible to retrieve the data that was
> stored on it. This is the ultimate in making sure secure data that is
> erased from a hard drive is unrecoverable.

OK, I just looked at it. I don't see where it differs greatly from
obliterate. In particular, nothing about the manpage or the code
suggests that it will do what you suggest, background wiping of free
sectors on a mounted filesystem. On the contrary, it appears that it
has some special code introduced for handling block devices that seems
to be unnecessary, given that block devices are (soon to be) no longer
found in FreeBSD.

I agree that the ability to securely overwrite disk sectors before
returning them to the free pool is an excellent idea, but this tool
does not appear to provide such a feature.

When the original discussion that led to my rather simple obliterate
program occurred, Matt Dillon and others pointed out the way to really
do this would be to integrate the disk sector wiping into the VM
system. While I agree this sounds like an excellent feature, I am not
going to be able to do that anytime in the foreseeable future. If
someone else wants to work on this, feel free to use any part of the
code I've written, it's under a Berkeley-style "copycenter" license
after all. ;^)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                  Softweyr LLC
wes@softweyr.com                            http://softweyr.com/