You should use encrypted swap if you're having to shred files.
If someone is industrious enough to snorgle through device bits to snag
the info they want, sure enough they're not going to stop at the FS...
On 05/28, Jonathan E. Paton said something like:
> --- Langa Kentane <[EMAIL PROTECTED]> wrote:
> > Well, reasonable security is fine, but the idea of writing
> > zeroes to the file does not appeal to me, If I can't get
> > any other way I guess I will have to use that.
>
> Allow me to assume you are using Unix... you have a hopeless
> cause if you are using Windows. Here is the situation on most
> Unixes:
>
> * /proc - A virtual filesystem. The memory used by processes
> can be read/writen, and hence 'root' is critical to security
> [as always].
> * 'root' can alter your script before it is executed!
> * Only 'root' user can hack raw bytes on your filesystem
>
> I assume you need to shred because:
>
> * If the box is stolen, then you don't want to have critcal
> information lying around.
>
> And not because:
>
> * You don't trust your system admin
>
> Then shredding the file is the right thing to do. You shouldn't
> just zero the files, as harddisks are not digital devices... and
> it may be possible to recover data that has been zero'd.
>
> Commerical shredding programs [why spend good money on a 5 minute
> Perl program?] err on the side of caution, and write random data
> several times over. Of course, they probably fail if the file
> has shrunk in size before being shredded! [partly un-erased]
>
> Whatever you do, pay attention to race conditions. Read pages
> 569-576 of Programming Perl before you move any further! Race
> conditions are attacked frequently. Never, never, ever declare
> a program as completely secure! - unless it is very trival.
>
> Make sure you create a tempory safely, as per the Camel, or you
> will be flung out into the hot desert.
>
> Jonathan Paton
>
> =====
> $_=q|.,&@$$. ,.@$&@$. .&$$@. ,,$ ....!$_=$p.'&$@.',y'&$@' .,';for(/\S+/g){
> !|.q| .$ .,@, ,$, .,.. @, ,$ ,,@ .,,.!++$.<22?${'y'.$_}=chr$.+64:[$$=${'y'
> !|.q| ,@$@&.,. $$$&, ..@&&$,,, $., ..!.$_},$y.=($.=~/22\|26\|3(3\|7)/x?' '
> !|.q|. @ ., ,.&,,, , .$..&. .,$ .,,!.$$:"\l$$")]};$y=~/ (.*)/;warn"$1\n"
> !|.q|. $ .,. .,$$&&$...&., @.,.&@$@ .|,map{-$|--?$r:$p.=$_}split'!';eval$r
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
Shawn Leas
[EMAIL PROTECTED]
On the other hand, you have different fingers...
-- Stephen Wright
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
