0

I want to shred some temp files produced by my C program before the files are removed.

Currently I am using 

system("shred /tmp/datafile");
system("rm /tmp/datafile");

from within my program, but I think instead of calling the system function is not the best way (correct me if I am wrong..) Is there any other way I can do it? How do I shred the file from within my code itself? A library, or anything? Also, about deletion part, is this answer good?

Community
  • 1
  • 1
upInCloud
  • 979
  • 2
  • 10
  • 29

2 Answers2

3

Can I ask why you think this is not the best way to achieve this? It looks like a good solution to me, if it is genuinely necessary to destroy the file contents irretrievably.

The advantage of this way of doing it are:

  • the program already exists (so it's faster to develop); and
  • the program is already trusted.

The second is an important point. It's possible to overstate the necessity of elaborately scrubbing files (Peter Gutmann, in a remark quoted on the relevant wikipedia page, has described some uses of his method as ‘voodoo’), but that doesn't matter: in any security context, using a pre-existing tool is almost always more defensible than using something home-made.

About the only criticism I'd make of your current approach, using system(3), is that since it looks up the shred program in the PATH, it would be possible in principle for someone to play games with that and get up to mischief. But that's easily dealt with: use fork(2) and execve(2) to invoke a specific binary using its full path.

That said, if this is just a low-impact bit of tidying up, then it might be still more straightforward to simply mmap the file and quickly write zeros into it.

Norman Gray
  • 11,978
  • 2
  • 33
  • 56
  • I am not against using existing programs or applications.. Its just that the `system()` call in C code that's worrying me. What if the system doesn't have the shred program installed and the `system("shred xyz");` just fails? – upInCloud Mar 21 '15 at 12:30
  • Is there a library to do this easily instead of calling binary programs?? That would be really great! – upInCloud Mar 21 '15 at 12:33
  • 1
    @ShaaradDalvi The way I would deal with that is by identifying the `shred` program (or a platform-suitable alternative) at build/configuration time. That is, you use something like [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Generic-Programs.html) to identify the path to the program and store it in a `#define`, then use that as the first argument of your `execve` call. – Norman Gray Mar 21 '15 at 13:50
  • I'm not sure that sequential writing with write() call is slower than mmap() especially on a small files. – Max Fomichev Mar 21 '15 at 13:53
  • @MaxFomichev I doubt it would make much speed difference either way. But it seems (to me) to indicate the intention more clearly, which is a possible advantage. – Norman Gray Mar 21 '15 at 14:22
2

You can use the following code:

#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>

#define BUF_SIZE 4096
#define ABS_FILE_PATH "/tmp/aaa"

int main()
{
    //get file size
    struct stat stat_buf;
    if (stat(ABS_FILE_PATH, &stat_buf) == -1)
        return errno;
    off_t fsize = stat_buf.st_size;

    //get file for writing
    int fd = open(ABS_FILE_PATH, O_WRONLY);
    if (fd == -1)
        return errno;

    //fill file with 0s
    void *buf = malloc(BUF_SIZE);
    memset(buf, 0, BUF_SIZE);
    ssize_t ret = 0;
    off_t shift = 0;
    while((ret = write(fd, buf,
                       ((fsize - shift >BUF_SIZE)?
                       BUF_SIZE:(fsize - shift)))) > 0)
        shift += ret;
    close(fd);
    free(buf);
    if (ret == -1)
        return errno;

    //remove file
    if (remove(ABS_FILE_PATH) == -1)
        return errno;

    return 0;
}
Max Fomichev
  • 244
  • 1
  • 13