250 lines
7.1 KiB
Diff
250 lines
7.1 KiB
Diff
--- remove.c.orig 2003-05-05 15:15:48.000000000 +0200
|
|
+++ remove.c 2003-05-05 15:26:08.000000000 +0200
|
|
@@ -26,6 +26,12 @@
|
|
#include <sys/types.h>
|
|
#include <assert.h>
|
|
|
|
+/* SRM BEGIN */
|
|
+#include <sys/stat.h>
|
|
+#include <unistd.h>
|
|
+#include <stdlib.h>
|
|
+/* SRM END */
|
|
+
|
|
#if HAVE_STDBOOL_H
|
|
# include <stdbool.h>
|
|
#else
|
|
@@ -81,6 +87,18 @@
|
|
int euidaccess ();
|
|
int yesno ();
|
|
|
|
+/* SRM BEGIN */
|
|
+#define BLOCKSIZE 32769
|
|
+#define DIR_SEPERATOR '/'
|
|
+#define FLUSH sync()
|
|
+#define RANDOM_DEVICE "/dev/urandom"
|
|
+static int secure = 0;
|
|
+static char fillbuf[BLOCKSIZE];
|
|
+static FILE *devrandom;
|
|
+/* Functions */
|
|
+static int secure_delete();
|
|
+/* SRM END */
|
|
+
|
|
extern char *program_name;
|
|
|
|
/* state initialized by remove_init, freed by remove_fini */
|
|
@@ -605,6 +623,103 @@
|
|
return status;
|
|
}
|
|
|
|
+/* SRM BEGIN */
|
|
+void fill_buf(char pattern[3]) {
|
|
+ int loop;
|
|
+ int where;
|
|
+ for (loop = 0; loop < (BLOCKSIZE / 3); loop++) {
|
|
+ where = loop * 3;
|
|
+ fillbuf[where] = pattern[0];
|
|
+ fillbuf[where+1] = pattern[1];
|
|
+ fillbuf[where+2] = pattern[2];
|
|
+ }
|
|
+}
|
|
+
|
|
+void random_buf() {
|
|
+ int loop;
|
|
+ if (devrandom != NULL)
|
|
+ for (loop = 0; loop < BLOCKSIZE; loop++)
|
|
+ fillbuf[loop] = (unsigned char) (256.0*rand()/(RAND_MAX+1.0));
|
|
+ else
|
|
+ fread(&fillbuf, BLOCKSIZE, 1, devrandom);
|
|
+}
|
|
+
|
|
+/* overwriting the file several times */
|
|
+ static int
|
|
+ secure_delete (delfile)
|
|
+ char *delfile;
|
|
+ {
|
|
+ unsigned char write_modes[27][3] = {
|
|
+ {"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"}, {"\x49\x24\x92"},
|
|
+ {"\x24\x92\x49"}, {"\x00\x00\x00"}, {"\x11\x11\x11"}, {"\x22\x22\x22"},
|
|
+ {"\x33\x33\x33"}, {"\x44\x44\x44"}, {"\x55\x55\x55"}, {"\x66\x66\x66"},
|
|
+ {"\x77\x77\x77"}, {"\x88\x88\x88"}, {"\x99\x99\x99"}, {"\xaa\xaa\xaa"},
|
|
+ {"\xbb\xbb\xbb"}, {"\xcc\xcc\xcc"}, {"\xdd\xdd\xdd"}, {"\xee\xee\xee"},
|
|
+ {"\xff\xff\xff"}, {"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
|
|
+ {"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
|
|
+ };
|
|
+ unsigned char std_array[3] = "\xff\xff\xff";
|
|
+ FILE *f;
|
|
+ int file;
|
|
+ unsigned long writes;
|
|
+ unsigned long counter;
|
|
+ unsigned long filesize;
|
|
+ struct stat filestat;
|
|
+ int turn;
|
|
+ int result;
|
|
+ unsigned char ch;
|
|
+ char newname[512];
|
|
+
|
|
+/* open the file, get the filesize, calculate the numbers of needed writings */
|
|
+ if (lstat(delfile, &filestat))
|
|
+ return 1;
|
|
+ if (! S_ISREG(filestat.st_mode))
|
|
+ return 1;
|
|
+ if ((f = fopen(delfile, "r+b")) == NULL)
|
|
+ return 1;
|
|
+ filesize = filestat.st_size;
|
|
+ writes = (1 + (filesize / BLOCKSIZE));
|
|
+ file=fileno(f);
|
|
+ (void) setvbuf(stdout, NULL, _IONBF, 0);
|
|
+ devrandom = fopen(RANDOM_DEVICE, "r");
|
|
+
|
|
+ if (secure > 1) {
|
|
+ fill_buf(std_array);
|
|
+ for (counter=1; counter<=writes; counter++)
|
|
+ fwrite(&fillbuf, 1, BLOCKSIZE, f);
|
|
+ fflush(f);
|
|
+ fsync(file);
|
|
+ }
|
|
+
|
|
+/* do the overwriting stuff */
|
|
+ for (turn=0; turn<=36; turn++) {
|
|
+ rewind(f);
|
|
+ if ((secure < 3) && (turn > 0)) break;
|
|
+ if ((turn>=5) && (turn<=31)) {
|
|
+ fill_buf(write_modes[turn-5]);
|
|
+ for (counter=1; counter<=writes; counter++)
|
|
+ fwrite(&fillbuf, 1, BLOCKSIZE, f);
|
|
+ } else {
|
|
+ for (counter=1; counter<=writes; counter++) {
|
|
+ random_buf();
|
|
+ fwrite(&fillbuf, 1, BLOCKSIZE, f);
|
|
+ }
|
|
+ }
|
|
+ fflush(f);
|
|
+ if (fsync(file) < 0)
|
|
+ FLUSH;
|
|
+ }
|
|
+ (void) fclose(f);
|
|
+ (void) fclose(devrandom);
|
|
+/* Hard Flush -> Force cached data to be written to disk */
|
|
+ FLUSH;
|
|
+/* open + truncating the file, so an attacker doesn't know the diskblocks */
|
|
+ if ((file = open(delfile, O_WRONLY | O_TRUNC)) >= 0)
|
|
+ close(file);
|
|
+ return 0;
|
|
+}
|
|
+/* SRM END */
|
|
+
|
|
/* Query the user if appropriate, and if ok try to remove the
|
|
file or directory specified by FS. Return RM_OK if it is removed,
|
|
and RM_ERROR or RM_USER_DECLINED if not. */
|
|
@@ -646,9 +761,16 @@
|
|
return RM_USER_DECLINED;
|
|
}
|
|
|
|
- if (x->verbose)
|
|
- printf (_("removing %s\n"), quote (full_filename (pathname)));
|
|
+ if (x->verbose) {
|
|
+ if (secure)
|
|
+ printf (_("wiping %s\n"), quote (full_filename (pathname)));
|
|
+ else
|
|
+ printf (_("removing %s\n"), quote (full_filename (pathname)));
|
|
+ }
|
|
|
|
+ if (secure)
|
|
+ secure_delete(pathname);
|
|
+
|
|
if (unlink (pathname) && (errno != ENOENT || !x->ignore_missing_files))
|
|
{
|
|
error (0, errno, _("cannot unlink %s"), quote (full_filename (pathname)));
|
|
@@ -821,6 +943,8 @@
|
|
{
|
|
mode_t filetype_mode;
|
|
|
|
+ secure = x->secure;
|
|
+
|
|
if (user_specified_name)
|
|
{
|
|
/* CAUTION: this use of base_name works only because any
|
|
--- rm.c.orig 2003-05-05 14:58:35.000000000 +0200
|
|
+++ rm.c 2003-05-05 15:16:31.000000000 +0200
|
|
@@ -58,7 +58,7 @@
|
|
#define PROGRAM_NAME "rm"
|
|
|
|
#define AUTHORS \
|
|
- "Paul Rubin, David MacKenzie, Richard Stallman, and Jim Meyering"
|
|
+ "Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering, and van Hauser"
|
|
|
|
void strip_trailing_slashes ();
|
|
|
|
@@ -71,6 +71,9 @@
|
|
{"force", no_argument, NULL, 'f'},
|
|
{"interactive", no_argument, NULL, 'i'},
|
|
{"recursive", no_argument, NULL, 'r'},
|
|
+/* SRM BEGIN */
|
|
+ {"secure", no_argument, NULL, 's'},
|
|
+/* SRM END */
|
|
{"verbose", no_argument, NULL, 'v'},
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
@@ -93,6 +96,7 @@
|
|
-f, --force ignore nonexistent files, never prompt\n\
|
|
-i, --interactive prompt before any removal\n\
|
|
-r, -R, --recursive remove the contents of directories recursively\n\
|
|
+ -s, --secure secure overwrite (-sss for full security)\n\
|
|
-v, --verbose explain what is being done\n\
|
|
--help display this help and exit\n\
|
|
--version output version information and exit\n\
|
|
@@ -105,10 +109,11 @@
|
|
\n\
|
|
Note that if you use rm to remove a file, it is usually possible to recover\n\
|
|
the contents of that file. If you want more assurance that the contents are\n\
|
|
-truly unrecoverable, consider using shred.\n\
|
|
+truly unrecoverable, use the -s option.\n\
|
|
"),
|
|
program_name, program_name);
|
|
puts (_("\nReport bugs to <bug-fileutils@gnu.org>."));
|
|
+ puts (_("\nWith secure_delete patch by van Hauser <vh@thc.org>"));
|
|
}
|
|
exit (status);
|
|
}
|
|
@@ -122,6 +127,7 @@
|
|
x->recursive = 0;
|
|
x->stdin_tty = isatty (STDIN_FILENO);
|
|
x->verbose = 0;
|
|
+ x->secure = 0;
|
|
}
|
|
|
|
int
|
|
@@ -140,7 +146,7 @@
|
|
|
|
rm_option_init (&x);
|
|
|
|
- while ((c = getopt_long (argc, argv, "dfirvR", long_opts, NULL)) != -1)
|
|
+ while ((c = getopt_long (argc, argv, "dfirsvR", long_opts, NULL)) != -1)
|
|
{
|
|
switch (c)
|
|
{
|
|
@@ -161,6 +167,11 @@
|
|
case 'R':
|
|
x.recursive = 1;
|
|
break;
|
|
+/* SRM BEGIN */
|
|
+ case 's':
|
|
+ x.secure++;
|
|
+ break;
|
|
+/* SRM END */
|
|
case 'v':
|
|
x.verbose = 1;
|
|
break;
|
|
--- remove.h.orig 2003-05-05 15:13:47.000000000 +0200
|
|
+++ remove.h 2003-05-05 15:14:13.000000000 +0200
|
|
@@ -18,6 +18,9 @@
|
|
Only works for the super-user. */
|
|
int unlink_dirs;
|
|
|
|
+ /* If nonzero, secure overwrites file contents */
|
|
+ int secure;
|
|
+
|
|
/* If nonzero, display the name of each file removed. */
|
|
int verbose;
|
|
};
|