Date: Sun, 27 Jun 1999 07:34:25 +1000
From: Greg Black <gjb-freebsd@gba.oz.au>
To: Wes Peters <wes@softweyr.com>
Cc: cjclark@home.com, FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject: Re: Secure Deletion
Message-ID: <19990626213426.7899.qmail@alice.gba.oz.au>
In-Reply-To: <3773F67A.CC9B6215@softweyr.com> of Fri, 25 Jun 1999 15:36:58 CST
References: <199906250212.WAA07810@cc942873-a.ewndsr1.nj.home.com> <3773F67A.CC9B6215@softweyr.com>

Wes Peters writes:
> * Obliterate - a simple program to obliterate file contents.
I note that the error in the posted program with the size of the
overwrite bit patterns was addressed in a follow-up.
However, there is another issue that makes it a "bad" program:
> void
> obliterate(char *fname)
[...]
> int
> main(int argc, char *argv[])
> {
>     while (--argc)
>     {
>         obliterate(argv[argc]);
>     }
>
>     return 0;
> }
Given that there is a bunch of error conditions that are checked
for and which may cause the program to abort, surely making it
report success on exit, regardless of what actually happened, is
a Bad Thing?
It would be trivial to make obliterate() return an int (e.g., 1
for an error and 0 for success). This would then give us a
main() like this (with a refinement to process the arguments in
the order given rather than backwards, because I don't like to
surprise people):
int
main(int argc, char **argv)
{
    int status = 0;

    while (--argc)
        status |= obliterate(*++argv);
    return status;
}
Disclaimer: I haven't compiled or tested the program and I have
not reviewed it thoroughly. These comments are from a cursory
read.
--
Greg Black -- <gjb@acm.org> or <gjb@computer.org>
Fight censorship in Australia: <http://www.efa.org.au>
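
Added example, not part of the original message and not the Obliterate program's own code: a sketch of obliterate() returning 0 or 1 as the message suggests, so that main() exits non-zero whenever any file was not fully overwritten. The overwrite patterns, the overwrite_pass() helper and the error text are assumptions, since the body of the original function is not shown here.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One overwrite pass over the first `size` bytes of fd (hypothetical helper).
 * Returns 0 on success, 1 on any failure. */
static int overwrite_pass(int fd, off_t size, unsigned char pattern)
{
	unsigned char buf[4096];

	memset(buf, pattern, sizeof buf);
	if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
		return 1;
	for (off_t done = 0; done < size; ) {
		size_t want = (size - done < (off_t)sizeof buf) ? (size_t)(size - done) : sizeof buf;
		ssize_t n = write(fd, buf, want);
		if (n <= 0)
			return 1;	/* write error or no progress */
		done += n;
	}
	return fsync(fd) == 0 ? 0 : 1;	/* a failed flush counts as failure */
}

/* Returns 0 if every pass completed, 1 otherwise. */
int obliterate(const char *fname)
{
	/* Constructed pattern list; the original program's patterns are not shown. */
	static const unsigned char patterns[] = { 0xFF, 0x00, 0xAA };
	struct stat st;
	int fd = open(fname, O_WRONLY);
	int status = (fd == -1 || fstat(fd, &st) == -1 || !S_ISREG(st.st_mode));

	for (size_t i = 0; status == 0 && i < sizeof patterns; i++)
		status = overwrite_pass(fd, st.st_size, patterns[i]);
	if (fd != -1 && close(fd) == -1)
		status = 1;
	if (status)
		fprintf(stderr, "obliterate: %s: failed\n", fname);
	return status;
}

int main(int argc, char **argv)
{
	int status = 0;

	for (int i = 1; i < argc; i++)	/* arguments in the order given */
		status |= obliterate(argv[i]);
	return status;	/* non-zero if any file was not overwritten */
}
```

A script can then test the exit status before treating a file as wiped, which the version that always returns 0 does not allow.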
