Linux ext2 and ext3 file systems support adding extra attributes to files. You set and clear them with "chattr" and list them with "lsattr". The most common attribute is "immutable" (chattr +i), which prevents a file from being written to, renamed, or deleted, even by root (of course root can simply use "chattr -i" to remove the flag, as long as the process holds the CAP_LINUX_IMMUTABLE capability). This adds a layer of protection against buffer overflow and other privilege escalation attacks: an attacker who gains root still has to know about the flag and clear it before tampering with the file.
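The following shell script is an added example, not part of the original article, that exercises the immutable flag as just described: set it with chattr +i, confirm it with lsattr, try to write to, rename, hard-link and delete the file as root, then clear it with chattr -i. It goes one step beyond the text by also checking the append-only ('a') attribute from the same man page, which is the flag normally put on log files. It assumes GNU e2fsprogs on an ext2/3/4 filesystem and a process holding CAP_LINUX_IMMUTABLE; the function names and return codes (0 = flag honored, 2 = flag could not be set here, 1 = flag set but not enforced) are the example's own.

```shell
#!/bin/sh
# Added example (not from the original article): exercise the ext2/3/4
# file attributes that chattr(1) sets.  Assumes GNU e2fsprogs (chattr,
# lsattr), a filesystem that honors the flags, and a process holding
# CAP_LINUX_IMMUTABLE (normally root).  Each demo returns 0 when the flag
# behaved as documented, 2 when this environment cannot set the flag at
# all (e.g. a container whose root lacks the capability, or tmpfs on an
# older kernel), and 1 when the flag was set but did not protect the file.

# Immutable ('i'): no write, append, rename, unlink or hard link, even as root.
demo_immutable() {
    dir=$(mktemp -d) || return 1
    f="$dir/protected.conf"
    echo "setting=original" > "$f"

    if ! chattr +i "$f" 2>/dev/null; then
        rm -rf "$dir"
        return 2
    fi

    rc=0
    # lsattr prints the attribute string first; 'i' must appear in it.
    case "$(lsattr "$f" | cut -d' ' -f1)" in
        *i*) ;;
        *)   rc=1 ;;
    esac

    # Every one of these must fail with EPERM while the flag is set.
    if echo "setting=tampered" >> "$f" 2>/dev/null; then rc=1; fi
    if mv "$f" "$dir/renamed" 2>/dev/null;        then rc=1; fi
    if ln "$f" "$dir/hardlink" 2>/dev/null;       then rc=1; fi
    if rm -f "$f" 2>/dev/null;                    then rc=1; fi
    [ "$(cat "$f")" = "setting=original" ] || rc=1

    # The caveat from the article: whoever holds CAP_LINUX_IMMUTABLE can
    # simply clear the flag, after which the file is ordinary again.
    chattr -i "$f" || rc=1
    echo "setting=changed" >> "$f" 2>/dev/null || rc=1

    rm -rf "$dir"
    return $rc
}

# Append-only ('a'): O_APPEND writes succeed, but truncation and unlink fail.
# This is the flag normally used on log files rather than 'i'.
demo_append_only() {
    dir=$(mktemp -d) || return 1
    f="$dir/audit.log"
    echo "event 1" > "$f"

    if ! chattr +a "$f" 2>/dev/null; then
        rm -rf "$dir"
        return 2
    fi

    rc=0
    echo "event 2" >> "$f" 2>/dev/null || rc=1           # append is allowed
    if echo "wiped" > "$f" 2>/dev/null; then rc=1; fi    # O_TRUNC is refused
    if rm -f "$f" 2>/dev/null;          then rc=1; fi    # unlink is refused
    [ "$(wc -l < "$f" | tr -d ' ')" -eq 2 ] || rc=1

    chattr -a "$f" || rc=1
    rm -rf "$dir"
    return $rc
}

# Stand-alone run: report both results.
for demo in demo_immutable demo_append_only; do
    if "$demo"; then
        echo "$demo: flag honored"
    else
        case $? in
            2) echo "$demo: cannot set flag here (need CAP_LINUX_IMMUTABLE and a supporting fs)" ;;
            *) echo "$demo: flag set but NOT honored" ;;
        esac
    fi
done
```

Run it as root on an ext2/3/4 (or xfs) filesystem. In a default Docker container root does not hold CAP_LINUX_IMMUTABLE, so chattr +i fails with "Operation not permitted" and the demo reports that instead of claiming protection. That same capability is the lever in the other direction: the flag only stands up to a root-level attacker if the processes that attacker can reach have had CAP_LINUX_IMMUTABLE removed from their bounding set.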
The man page for chattr mentions other attributes that are supposed to be implemented someday, but it has been saying that for quite a while now. Unfortunately, it gets more confusing. While "man chattr" still says that the 's' (secure deletion) attribute isn't honored by the kernel, the Design and Implementation of the Second Extended Filesystem page says that it is:
An attribute allows the users to request secure deletion on files. When such a file is deleted, random data is written in the disk blocks previously allocated to the file. This prevents malicious people from gaining access to the previous content of the file by using a disk editor.
But in fact it doesn't, at least not on my systems. Apparently it was deliberately removed (from http://www.securityfocus.com/infocus/1407):
Although earlier kernels honored the 'secure deletion' flag, during the development of the 1.3 series the developers dropped the implementation of this property since it seemed to provide at best only a trivial amount of additional security and at worst a false sense of real security to users unfamiliar with the inherent problems of any 'secure deletion' scheme.
© 2011-07-06 Tony Lawrence