Bugtraq mailing list archives

Re: Shred 1.0 Bug Report

From: "M. Leo Cooper" <thegrendel () THERIVER COM>
Date: Tue, 10 Oct 2000 23:43:11 -0700

On Tue, 10 Oct 2000, Jeff Harlan wrote:

Ran a test with Shred v1.0 and found some
unexpected results.  This utility is supposed to
overwrite a file with several passes of different
bit patterns followed by one random pattern.  The
file is then unlinked.  This is supposed to make
the file unrecoverable with utilities which read
raw disk blocks.  Using the icat utility from Dan
Farmer and Wietze Venema's  TCT Toolkit it appears
that the data is not overwritten.  This test was
done on two different RedHat 6.0 systems.


It has been a couple of years since I actively worked on "shred". In
response to your e-mail, Jeff, when I tested the program, it no longer
worked as specified. In fact, when compiled on a glibc 2.1 machine,
"shred" coredumps. It appears that this package is a victim of the
changes made to libc.

I therefore advise discontinuation of the use of the "shred" package. I
have no plans to bugfix or update it, since Tom Vier's "wipe" package
accomplishes the same job, and in a more thorough fashion.

Jeff, I do have to question whether it was appropriate to notify
Bugtraq, since "shred" was never, to my knowledge, a part of any Linux
distribution.

Thanks for the notification.


Mendel

Current thread:

Shred 1.0 Bug Report Jeff Harlan (Oct 10)
- Re: Shred 1.0 Bug Report Guenther H. Leber (Oct 10)
  - Re: Shred 1.0 Bug Report Frank Wiles (Oct 11)
- Re: Shred 1.0 Bug Report M. Leo Cooper (Oct 11)
  - Re: Shred 1.0 Bug Report Wietse Venema (Oct 11)
    - Re: Shred 1.0 Bug Report Alfred Perlstein (Oct 12)
    - Re: Shred 1.0 Bug Report Mitchell Blank Jr (Oct 13)
    - Re: File "shredding" Kurt Seifried (Oct 13)
  - Re: Shred 1.0 Bug Report M. Leo Cooper (Oct 11)
  - Re: Shred 1.0 Bug Report Dan Kaminsky (Oct 12)