--- secure-delete-3.1.orig/srm.1 +++ secure-delete-3.1/srm.1 @@ -55,7 +55,7 @@ .TP .B \-d ignore the two special dot files . and .. on the commandline. (so you can -execute it like "srm -d .* *") +execute it like "srm \-d .* *") .TP .B \-f fast (and insecure mode): no /dev/urandom, no synchronize mode. @@ -65,7 +65,7 @@ and a final mode random values. .TP .B \-l --l for a second time lessons the security even more: only one random pass +\-l for a second time lessons the security even more: only one random pass is written. .TP .B \-r @@ -95,7 +95,7 @@ which comes with the .I secure_deletion package to ensure to wipe also the free diskspace. However, If already a small -file aquired a block with your precious data, no tool known to me can help +file acquired a block with your precious data, no tool known to me can help you here. For a secure deletion of the swap space .I sswap is available. @@ -136,5 +136,5 @@ (1), .I sswap (1), -.I smem +.I sdmem (1) --- secure-delete-3.1.orig/sfill.1 +++ secure-delete-3.1/sfill.1 @@ -16,7 +16,7 @@ is designed to delete data which lies on available diskspace on mediums in a secure manner which can not be recovered by thiefs, law enforcement or other threats. -The wipe algorythm is based on the paper "Secure Deletion of Data from +The wipe algorithm is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers. .PP @@ -59,7 +59,7 @@ and a final mode with random values. .TP .B \-l --l for a second time lessons the security even more: only one random pass +\-l for a second time lessons the security even more: only one random pass is written. .TP .B \-v @@ -130,5 +130,5 @@ (1), .I sswap (1), -.I smem +.I sdmem (1) --- secure-delete-3.1.orig/Makefile +++ secure-delete-3.1/Makefile @@ -1,19 +1,19 @@ CC=gcc -OPT=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE +OPT=$(CFLAGS) -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE #OPT=-Wall -D_DEBUG_ -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -INSTALL_DIR=/usr/local/bin +INSTALL_DIR=$(prefix)/bin MAN_DIR=/usr/local/man DOC_DIR=/usr/share/doc/secure_delete OPT_MOD=-D__KERNEL__ -DMODULE -fomit-frame-pointer -fno-strict-aliasing -pipe -mpreferred-stack-boundary=2 #LD_MOD=-r -all: sdel-lib.o srm sfill sswap smem sdel-mod.o - @echo - @echo "A Puritan is someone who is deathly afraid that someone, somewhere, is" - @echo "having fun." - @echo - @echo "I hope YOU have fun!" - @echo +all: sdel-lib.o srm sfill sswap smem +# @echo +# @echo "A Puritan is someone who is deathly afraid that someone, somewhere, is" +# @echo "having fun." +# @echo +# @echo "I hope YOU have fun!" +# @echo sdel-mod.o: sdel-mod.c $(CC) $(OPT) $(OPT_MOD) $(LD_MOD) -I/lib/modules/`uname -r`/build/include -c sdel-mod.c @@ -23,32 +23,28 @@ srm: srm.c $(CC) ${OPT} -o srm srm.c sdel-lib.o - -strip srm sfill: sfill.c $(CC) ${OPT} -o sfill sfill.c sdel-lib.o - -strip sfill sswap: sswap.c $(CC) ${OPT} -o sswap sswap.c sdel-lib.o - -strip sswap smem: smem.c $(CC) ${OPT} -o smem smem.c sdel-lib.o - -strip smem clean: rm -f sfill srm sswap smem sdel sdel-lib.o sdel-mod.o core *~ install: all mkdir -p -m 755 ${INSTALL_DIR} 2> /dev/null - rm -f sdel && ln -s srm sdel - cp -f sdel srm sfill sswap smem the_cleaner.sh ${INSTALL_DIR} - chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem ${INSTALL_DIR}/the_cleaner.sh - mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null - cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1 - chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1 - mkdir -p -m 755 ${DOC_DIR} 2> /dev/null - cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR} - -test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char +# rm -f sdel && ln -s srm sdel + cp -f srm sfill sswap smem ${INSTALL_DIR} + chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem +# mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null +# cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1 +# chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1 +# mkdir -p -m 755 ${DOC_DIR} 2> /dev/null +# cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR} +# -test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char # @-test '!' -e sdel-mod.o -a `uname -s` = 'Linux' && echo "type \"make sdel-mod install\" to compile and install the Linux loadable kernel module for secure delete" - @echo - @echo "If men could get pregnant, abortion would be a sacrament." - @echo +# @echo +# @echo "If men could get pregnant, abortion would be a sacrament." +# @echo --- secure-delete-3.1.orig/srm.c +++ secure-delete-3.1/srm.c @@ -110,7 +110,7 @@ if ( (filestat.st_dev != controlstat.st_dev) || (filestat.st_ino != controlstat.st_ino) ) { fprintf(stderr, "Race found! (directory %s became a link)\n", filename); } else { - if ((dir = opendir (".")) != NULL) { + if ((dir = opendir (".")) < 0) { (void) chmod(".", 0700); /* ignore permission errors */ dir = opendir ("."); } @@ -166,8 +166,10 @@ return 3; } - if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0) + if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0) { + close(fd); return sdel_unlink(filename, 0, 1, slow); + } } /* end IS_REG() */ else { if (S_ISDIR(filestat.st_mode)) { --- secure-delete-3.1.orig/smem.1 +++ secure-delete-3.1/smem.1 @@ -3,16 +3,16 @@ .if n .sp .if t .sp 0.4 .. -.TH SMEM 1 +.TH SDMEM 1 .SH NAME -smem \- secure memory wiper (secure_deletion toolkit) +sdmem \- secure memory wiper (secure_deletion toolkit) .SH SYNOPSIS -.B smem [-f] [-l] [-l] [-v] +.B sdmem [-f] [-l] [-l] [-v] .SH DESCRIPTION -.I smem +.I sdmem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thiefs, law enforcement or other threats. @@ -24,7 +24,7 @@ .PP The .I secure data deletion -process of smem goes like this: +process of sdmem goes like this: .PP .TP .B * @@ -51,20 +51,26 @@ and a final random one. .TP .B \-l --l for a second time lessons the security even more: only one pass with +\-l for a second time lessons the security even more: only one pass with 0x00 is written. .TP .B \-v verbose mode .PP +.SH NOTE +.TP +This utility was originally called +.I smem +but was renamed for debian to avoid name clashes with another package. + .SH BEWARE .TP .B SLOW -Wiping the memory is very slow. You might use smem with the -ll option. (tip) +Wiping the memory is very slow. You might use sdmem with the \-ll option. (tip) .TP .B BETA! -.I smem +.I sdmem is still beta. .PP @@ -84,7 +90,7 @@ can be obtained from .I http://www.thc.org .Sp -.I smem +.I sdmem and the .I secure_deletion package is (C) 1997-2003 by van Hauser / THC (vh@thc.org) --- secure-delete-3.1.orig/sswap.1 +++ secure-delete-3.1/sswap.1 @@ -49,7 +49,7 @@ a final mode with random values. .TP .B \-l --l for a second time lessons the security even more: only one pass with +\-l for a second time lessons the security even more: only one pass with random values is written. .TP .B \-v @@ -106,5 +106,5 @@ (1), .I sfill (1), -.I smem +.I sdmem (1) --- secure-delete-3.1.orig/debian/docs +++ secure-delete-3.1/debian/docs @@ -0,0 +1,4 @@ +README +TODO +secure_delete.doc +usenix6-gutmann.doc --- secure-delete-3.1.orig/debian/control +++ secure-delete-3.1/debian/control @@ -0,0 +1,13 @@ +Source: secure-delete +Section: utils +Priority: optional +Maintainer: Robert Lemmen +Build-Depends: debhelper (>= 7.0.0) +Standards-Version: 3.9.4 + +Package: secure-delete +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: tools to wipe files, free disk space, swap and memory + Gutmann method based tools for securely wiping data from files, free + disk space, swap and memory: srm, sfill, sswap and sdmem. --- secure-delete-3.1.orig/debian/compat +++ secure-delete-3.1/debian/compat @@ -0,0 +1 @@ +7 --- secure-delete-3.1.orig/debian/changelog +++ secure-delete-3.1/debian/changelog @@ -0,0 +1,46 @@ +secure-delete (3.1-6) unstable; urgency=low + + * Enable hardening flags during build + * Update packaging + * Bump standards-version + * Fix a few minus-vs-hyphen bugs in manpages + * Fixed a few typos (closes: #486018, #653260) + * Tone down description a little bit and include binary names + (closes: #680336, #538151) + + -- Robert Lemmen Fri, 05 Jul 2013 08:50:37 +0100 + +secure-delete (3.1-5) unstable; urgency=low + + * Rename smem to sdmem to avoid name clash with smem package + * Bumped Standards-Version to 3.8.3 and related fixes + + -- Robert Lemmen Tue, 05 Jan 2010 14:55:00 +0000 + +secure-delete (3.1-4) unstable; urgency=low + + * Fixed licensing info (closes: #428102) + * Fixed handling of nostrip build option (closes: #438009) + + -- Robert Lemmen Tue, 28 Aug 2007 13:21:17 +0200 + +secure-delete (3.1-3) unstable; urgency=low + + * Moved from experimental + * Added more documentation + + -- Robert Lemmen Thu, 5 Oct 2006 22:04:17 +0200 + +secure-delete (3.1-2) experimental; urgency=low + + * Upload to experimental instead of unstable. + * Added description on how to test security to README.Debian. + + -- Robert Lemmen Mon, 2 May 2005 11:55:11 +0200 + +secure-delete (3.1-1) unstable; urgency=low + + * Initial Release. + + -- Robert Lemmen Thu, 29 Jan 2004 18:09:26 +0100 + --- secure-delete-3.1.orig/debian/copyright +++ secure-delete-3.1/debian/copyright @@ -0,0 +1,17 @@ +This package was debianized by Robert Lemmen on +Thu, 29 Jan 2004 18:09:26 +0100. + +It was downloaded from http://www.thc.org + +Upstream Author: van Hauser + +Copyright: 1999-2004 van Hauser + + You are free to distribute this software under the terms of + the GNU General Public License. + On Debian systems, the complete text of the GNU General Public + License can be found in /usr/share/common-licenses/GPL file. + +The file "usenix6-gutmann.doc" is licensed under the "Creative Commons +Attribution 3.0" license, which you can find at +http://creativecommons.org/licenses/by/3.0/ --- secure-delete-3.1.orig/debian/watch +++ secure-delete-3.1/debian/watch @@ -0,0 +1,3 @@ +version=2 +http://www.thc.org/releases.php .*secure[-_]delete-(.*)\.tar\.gz + --- secure-delete-3.1.orig/debian/README.Debian +++ secure-delete-3.1/debian/README.Debian @@ -0,0 +1,56 @@ +secure-delete for Debian +------------------------ + +The original package and debian versions prio to 3.1-5 contained a utility +called smem that wiped memory. This utility seems to be of limited use and +clashes with another binary of the same name, it is therefore renamed to sdmem. + +The source for secure_delete contains a 2.4 kernel module that turns every +call to unlink() into a secure remove, this module is not yet part of this +package for technical reasons. if you need it please "apt_get source +secure-delete" and build it yourself for now. + +Also note that securely wiping data from magnetic media is a difficult task and +depends a lot on the filesystem in question (among other things). So there is no +guarantee that this program will work in your configuration, but you can and +should check for yourself by creating a loopback filesystem, mountig it and +creating a file in it, then securely wiping it and grepping for it's contents in +the loopback file: + +dd if=/dev/zero of=disk bs=4096 count=1024 +mke2fs disk +losetup /dev/loop0 disk +mkdir test +mount /dev/loop0 test +cd test +for ((i=0; i<10000; i++)) +do + echo "ofenrohr" >> file; +done +cd .. +umount test +losetup -d /dev/loop0 +grep "ofenrohr" disk +--> this should result in a "binary file disk matches" +losetup /dev/loop0 disk +mount /dev/loop0 test +cd test +srm file +cd .. +umount test +losetup -d /dev/loop0 +grep "ofenrohr" disk +--> this should not find anything + +Please make sure you use the correct filesystem type and options during the +mkfs! + +Another general problem of wiping data from disks is that most harddisks will +occasionally mark a sector as "bad" and copy it's contents to a new location +that the disk will pretend is at the original location. Since this is completely +transparent, there is no way to access these sectors without touching the disks +hardware. These sectors may then contain sensitive information that could be +retrieved from the disk. If you want better security, use an encrypting +filesystem (dm-crypt, loop-aes), and forget the key if you want to wipe it. + + -- Robert Lemmen , Thu, 29 Jan 2004 18:09:26 +0100 --- secure-delete-3.1.orig/debian/rules +++ secure-delete-3.1/debian/rules @@ -0,0 +1,59 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS) +CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) +CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS) +LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp + +build-stamp: + dh_testdir + CFLAGS="$(CFLAGS) $(CPPFLAGS) $(LDFLAGS)" $(MAKE) + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + $(MAKE) clean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + $(MAKE) install prefix=$(CURDIR)/debian/secure-delete/usr + + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs CHANGES + dh_installdocs README TODO + dh_installman sfill.1 srm.1 smem.1 sswap.1 + # rename smem + mv $(CURDIR)/debian/secure-delete/usr/bin/smem \ + $(CURDIR)/debian/secure-delete/usr/bin/sdmem + mv $(CURDIR)/debian/secure-delete/usr/share/man/man1/smem.1 \ + $(CURDIR)/debian/secure-delete/usr/share/man/man1/sdmem.1 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- secure-delete-3.1.orig/debian/source/format +++ secure-delete-3.1/debian/source/format @@ -0,0 +1 @@ +1.0