Bugtraq mailing list archives
Shred 1.0 Bug Report
From: Jeff Harlan <Jeff.Harlan () MAIL SPRINT COM>
Date: Tue, 10 Oct 2000 08:45:27 -0700
Greetings, Ran a test with Shred v1.0 and found some unexpected results. This utility is supposed to overwrite a file with several passes of different bit patterns followed by one random pattern. The file is then unlinked. This is supposed to make the file unrecoverable with utilities which read raw disk blocks. Using the icat utility from Dan Farmer and Wietze Venema's TCT Toolkit it appears that the data is not overwritten. This test was done on two different RedHat 6.0 systems. http://personal.riverusers.com/~thegrendel/shred-1.0.tar.gz [root test]# ls -il shred.me 1298547 -rw-rw-r-- 1 jharlan jharlan 17 Oct 10 08:25 shred.me [root test]# icat /dev/hda5 1298547 shred this puppy [root test]# shred shred.me Are you sure you want to delete shred.me? y 1000 bytes have been overwritten. The file shred.me has been destroyed! [root test]# icat /dev/hda5 1298547 shred this puppy [root test]# Since this bug does not present an immediate threat of attack from outsiders the author of this program is being notified by this post. Jeff jeff.harlan () mail sprint com
Current thread:
- Shred 1.0 Bug Report Jeff Harlan (Oct 10)
- Re: Shred 1.0 Bug Report Guenther H. Leber (Oct 10)
- Re: Shred 1.0 Bug Report Frank Wiles (Oct 11)
- Re: Shred 1.0 Bug Report M. Leo Cooper (Oct 11)
- Re: Shred 1.0 Bug Report Wietse Venema (Oct 11)
- Re: Shred 1.0 Bug Report Alfred Perlstein (Oct 12)
- Re: Shred 1.0 Bug Report Mitchell Blank Jr (Oct 13)
- Re: File "shredding" Kurt Seifried (Oct 13)
- Re: Shred 1.0 Bug Report Wietse Venema (Oct 11)
- Re: Shred 1.0 Bug Report M. Leo Cooper (Oct 11)
- Re: Shred 1.0 Bug Report Dan Kaminsky (Oct 12)
- Re: Shred 1.0 Bug Report Guenther H. Leber (Oct 10)