0

I want to shred some temp files produced by my C program before the files are removed.

Currently I am using

system("shred /tmp/datafile");
system("rm /tmp/datafile");

from within my program, but I think calling the system function is not the best way (correct me if I am wrong). Is there any other way I can do it? How do I shred the file from within my code itself? A library, or anything? Also, about the deletion part, is this answer good?

4
  • Check the source code of the wipe utility. Another option would be to mount /tmp to a ram drive. Commented Mar 21, 2015 at 11:21
  • shred means overwriting the disk blocks where the file contents are present with random bytes so as to make those contents unretrievable by some tools like disc recovery. Commented Mar 21, 2015 at 11:22
  • Overwrite the content of the file with zeros? Commented Mar 21, 2015 at 11:22
  • wipe.sourceforge.net Commented Mar 21, 2015 at 11:23

2 Answers

3

Can I ask why you think this is not the best way to achieve this? It looks like a good solution to me, if it is genuinely necessary to destroy the file contents irretrievably.

The advantages of this way of doing it are:

  • the program already exists (so it's faster to develop); and
  • the program is already trusted.

The second is an important point. It's possible to overstate the necessity of elaborately scrubbing files (Peter Gutmann, in a remark quoted on the relevant Wikipedia page, has described some uses of his method as ‘voodoo’), but that doesn't matter: in any security context, using a pre-existing tool is almost always more defensible than using something home-made.

About the only criticism I'd make of your current approach, using system(3), is that since it looks up the shred program in the PATH, it would be possible in principle for someone to play games with that and get up to mischief. But that's easily dealt with: use fork(2) and execve(2) to invoke a specific binary using its full path.

That said, if this is just a low-impact bit of tidying up, then it might be still more straightforward to simply mmap the file and quickly write zeros into it.


5 Comments

I am not against using existing programs or applications. It's just that the system() call in C code is what's worrying me. What if the system doesn't have the shred program installed and the system("shred xyz"); just fails?
Is there a library to do this easily instead of calling binary programs? That would be really great!
@ShaaradDalvi The way I would deal with that is by identifying the shred program (or a platform-suitable alternative) at build/configuration time. That is, you use something like autoconf to identify the path to the program and store it in a #define, then use that as the first argument of your execve call.
I'm not sure that sequential writing with a write() call is slower than mmap(), especially on small files.
@MaxFomichev I doubt it would make much speed difference either way. But it seems (to me) to indicate the intention more clearly, which is a possible advantage.
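
The fork(2)/execve(2) approach from the answer above, with the binary path held in a #define as the comment suggests, as an added example that is not part of the original answers. The path /usr/bin/shred and the names run_absolute and shred_file are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: shred lives here; in practice set this at configure time. */
#define SHRED_PATH "/usr/bin/shred"

/* Run prog (absolute path only, no PATH lookup) with a fixed environment.
 * Returns the exit status, 127 if execve failed, -1 on any other failure. */
int run_absolute(const char *prog, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };
    if (prog == NULL || prog[0] != '/')
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execve(prog, argv, clean_env);
        _exit(127);              /* only reached if execve failed */
    }
    int status;
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Overwrite file with the given shred binary, then unlink it. The file is
 * removed only if shred reported success. Returns 0 on success. */
int shred_file(const char *shred_path, const char *file)
{
    char *const argv[] = { "shred", "--", (char *)file, NULL };
    int rc = run_absolute(shred_path, argv);
    if (rc != 0)
        return rc;               /* leave the file in place if shred failed */
    return unlink(file) == -1 ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    return shred_file(SHRED_PATH, argv[1]) == 0 ? 0 : 1;
}
```

A missing or failing shred binary shows up as a non-zero return value, so the caller can decide what to do with the file that was left in place.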
2

You can use the following code:

#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>

#define BUF_SIZE 4096
#define ABS_FILE_PATH "/tmp/aaa"

int main(void)
{
    //get file for writing
    int fd = open(ABS_FILE_PATH, O_WRONLY);
    if (fd == -1)
        return errno;

    //get file size from the open descriptor, so it is the size of the file we write to
    struct stat stat_buf;
    if (fstat(fd, &stat_buf) == -1) {
        int err = errno;
        close(fd);
        return err;
    }
    off_t fsize = stat_buf.st_size;

    //fill file with 0s
    void *buf = malloc(BUF_SIZE);
    if (buf == NULL) {
        int err = errno;
        close(fd);
        return err;
    }
    memset(buf, 0, BUF_SIZE);
    ssize_t ret = 0;
    off_t shift = 0;
    while (shift < fsize &&
           (ret = write(fd, buf,
                        ((fsize - shift > BUF_SIZE) ?
                        BUF_SIZE : (fsize - shift)))) > 0)
        shift += ret;
    //save errno before close() and free() can change it
    int err = (ret == -1) ? errno : 0;
    //flush the zeros to the device before the file is removed
    if (err == 0 && fsync(fd) == -1)
        err = errno;
    close(fd);
    free(buf);
    if (err != 0)
        return err;

    //remove file
    if (remove(ABS_FILE_PATH) == -1)
        return errno;

    return 0;
}

1 Comment

Or indeed mmap plus memset plus munmap.
