Cleaning Files Before Use
Cleaning Files Before Use
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Problem:
Space from deleted files is reallocated to other files. If the
contents of reused disk areas are not cleared before reuse, the deleted
information can be recovered by the next reader. Many UNIX systems
automatically clear deleted file areas, but in some systems this does
not happen, and the users should be provided with a secure deletion
program.
Prevention:
Most UNIX systems automatically clear the contents of file areas
before granting access, but there are some exceptions.
Detection:
The easiest way to detect this problem is by performing an
experiment. Create a file consuming most of the free space on the
system, and fill it with a known pattern (e.g. the integers from 1 to
the file size). Delete the file, and then create a new file, seek
through a series of locations that have not been written, and read them
to determine if they have any of the written pattern in them.
Cure:
There is no cure for the underlying operating system problem
except the repair of the operating system itself, but the Rm program
can be modified to wipe the file clean upon deletion. This will make
the vast majority of user deletions secure. This can be augmented with
a periodic wiping of unused areas of the disk to improve protection
against this attack still further.