(forw) Re: Shred 1.0 Bug Report

[Alfred Perlstein <bright () WINTELCOM NET>]

I'm sending this one last time because I feel that allowing people
to comment about "fixing" shred when in reality it's a piece of
worthless software.  The only "fix" would be kernel support to do
so as outlined in the email I sent.  Wietse agrees with me about
the points raised here.  He also raised the obvious point of such
information being leaked through swap and recoverable from memory
while the system is still running.

Shred needs kernel support to work properly and it's giving people a
false sense of security.  I would also be hesitant to run software
that the author failed to fix properly even with detailed instructions
as how to fix it were detailed, he obviously failed to roll his own
the first time, and doing so again wasn't very successful.

Using shred to wipe files is about as practical as ignoring friction
during a physics equation, it looks right, but it's horribly off.

You can continue to ignore and not relay my rants about useless
and dangerous software on this list.  It is a bit disapointing
that it's the Linux community that suffers from ignorance of
these problems and a refusal to come down hard on the authors of
junk/dangerous software.

My concern is that such programs will be ported to other systems and
may soon wind up on one of my workstations or servers.

People complaining about the stupid thing not checking return values
from syscalls are trying to use a band-aid to fix a severed head.

I don't see the point of discussing this program any further on
this list, the focus afaik of Bugtraq is security and I don't see
shred offering much of it.

-Alfred

----- Forwarded message from Alfred Perlstein <bright () wintelcom net> -----

From: Alfred Perlstein <bright () wintelcom net>
To: Wietse Venema <wietse () PORCUPINE ORG>
Cc: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Shred 1.0 Bug Report
Date: Wed, 11 Oct 2000 16:20:08 -0700
Message-ID: <20001011162008.U272 () fw wintelcom net>
User-Agent: Mutt/1.2.4i

* Wietse Venema <wietse () PORCUPINE ORG> [001011 14:48] wrote:
> M. Leo Cooper:
> > It has been a couple of years since I actively worked on "shred". In
> > response to your e-mail, Jeff, when I tested the program, it no longer
> > worked as specified. In fact, when compiled on a glibc 2.1 machine,
> > "shred" coredumps. It appears that this package is a victim of the
> > changes made to libc.
>
> The shredding problem is not in libc.
>
> The problem is that shred(1) should have called fsync() after each
> overwrite iteration, in order to request that data be flushed from
> the kernel buffers to the disk blocks.

Programs like shred are particularly bad, they offer a false sense
of security, this instance shows a complete lack of understanding
of how most UNIX filesystems are implemented.

Shred won't work reliably on:

a) data logging filesystems
b) transactional filesystems
c) filesystems that perform online defrag (FreeBSD-FFS+reallockblks)
d) filesystems that offer snapshot capabilities.
e) (well i'm sure there's more)

Programs like this offer a false sense of security, the proper way
to do it is to implement some sort of 'scrub(2)' syscall that
informs the filesystem code to accomplish the task otherwise you
risk missing the data on the disk.  There is no way to for something
like this working entirely from userland on an advanced filesystem
without its assistance.

> > I therefore advise discontinuation of the use of the "shred" package. I
> > have no plans to bugfix or update it, since Tom Vier's "wipe" package
> > accomplishes the same job, and in a more thorough fashion.
> >
> > Jeff, I do have to question whether it was appropriate to notify
> > Bugtraq, since "shred" was never, to my knowledge, a part of any Linux
> > distribution.
>
> shred(1) installs with redhat 6.2, out of the box. Beware, software
> never dies. Once you release it things are out of your control.

shred should die.  Anyone relying on it deserves their bits stolen
and posted on usenet.

much love,
--
-Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org]
"I have the heart of a child; I keep it in a jar on my desk."

----- End forwarded message -----