From dba446dc51cc3c773ee46b0ca4e6961cfa5d614d Mon Sep 17 00:00:00 2001 From: "Edinaldo P. Silva" Date: Fri, 29 May 2015 05:51:30 +0700 Subject: system/secure-delete: Added (wipe files securely). Signed-off-by: Willy Sudiarto Raharjo --- system/secure-delete/README | 5 + system/secure-delete/secure-delete.SlackBuild | 93 ++++++++++ system/secure-delete/secure-delete.diff | 251 ++++++++++++++++++++++++++ system/secure-delete/secure-delete.info | 10 + system/secure-delete/slack-desc | 19 ++ 5 files changed, 378 insertions(+) create mode 100644 system/secure-delete/README create mode 100644 system/secure-delete/secure-delete.SlackBuild create mode 100644 system/secure-delete/secure-delete.diff create mode 100644 system/secure-delete/secure-delete.info create mode 100644 system/secure-delete/slack-desc diff --git a/system/secure-delete/README b/system/secure-delete/README new file mode 100644 index 0000000000..487c32b5d9 --- /dev/null +++ b/system/secure-delete/README @@ -0,0 +1,5 @@ +Tools to wipe files, free disk space, swap and memory. + +Gutmann method based tools for securely wiping data. + +From files (srm), free disk space (sfill), swap (sswap) and memory (sdmem). diff --git a/system/secure-delete/secure-delete.SlackBuild b/system/secure-delete/secure-delete.SlackBuild new file mode 100644 index 0000000000..41c0a38b08 --- /dev/null +++ b/system/secure-delete/secure-delete.SlackBuild @@ -0,0 +1,93 @@ +#!/bin/sh +# +# Slackware build script for secure-delete. +# +# Copyright 2015 Edinaldo P. Silva, Rio de Janeiro, Brazil. +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=secure-delete +SRCNAM=secure_delete +VERSION=${VERSION:-3.1} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$SRCNAM-$VERSION.tar.gz +mv $SRCNAM-$VERSION $PRGNAM-$VERSION +cd $PRGNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +patch -p1 < $CWD/secure-delete.diff +make prefix=/usr DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/bin +cp -a sfill smem srm sswap $PKG/usr/bin + +DOCS="CHANGES README TODO usenix6-gutmann.doc" + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/secure-delete/secure-delete.diff b/system/secure-delete/secure-delete.diff new file mode 100644 index 0000000000..e31199944c --- /dev/null +++ b/system/secure-delete/secure-delete.diff @@ -0,0 +1,251 @@ +--- secure-delete-3.1.orig/srm.1 ++++ secure-delete-3.1/srm.1 +@@ -55,7 +55,7 @@ + .TP + .B \-d + ignore the two special dot files . and .. on the commandline. (so you can +-execute it like "srm -d .* *") ++execute it like "srm \-d .* *") + .TP + .B \-f + fast (and insecure mode): no /dev/urandom, no synchronize mode. +@@ -65,7 +65,7 @@ + and a final mode random values. + .TP + .B \-l +--l for a second time lessons the security even more: only one random pass ++\-l for a second time lessons the security even more: only one random pass + is written. + .TP + .B \-r +@@ -95,7 +95,7 @@ + which comes with the + .I secure_deletion package + to ensure to wipe also the free diskspace. However, If already a small +-file aquired a block with your precious data, no tool known to me can help ++file acquired a block with your precious data, no tool known to me can help + you here. For a secure deletion of the swap space + .I sswap + is available. +@@ -136,5 +136,5 @@ + (1), + .I sswap + (1), +-.I smem ++.I sdmem + (1) +--- secure-delete-3.1.orig/sfill.1 ++++ secure-delete-3.1/sfill.1 +@@ -16,7 +16,7 @@ + is designed to delete data which lies on available diskspace on mediums + in a secure manner which can not be recovered by thiefs, law enforcement + or other threats. +-The wipe algorythm is based on the paper "Secure Deletion of Data from ++The wipe algorithm is based on the paper "Secure Deletion of Data from + Magnetic and Solid-State Memory" presented at the 6th Usenix Security + Symposium by Peter Gutmann, one of the leading civilian cryptographers. + .PP +@@ -59,7 +59,7 @@ + and a final mode with random values. + .TP + .B \-l +--l for a second time lessons the security even more: only one random pass ++\-l for a second time lessons the security even more: only one random pass + is written. + .TP + .B \-v +@@ -130,5 +130,5 @@ + (1), + .I sswap + (1), +-.I smem ++.I sdmem + (1) +--- secure-delete-3.1.orig/Makefile ++++ secure-delete-3.1/Makefile +@@ -1,19 +1,19 @@ + CC=gcc +-OPT=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE ++OPT=$(CFLAGS) -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + #OPT=-Wall -D_DEBUG_ -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE +-INSTALL_DIR=/usr/local/bin ++INSTALL_DIR=$(prefix)/bin + MAN_DIR=/usr/local/man + DOC_DIR=/usr/share/doc/secure_delete + OPT_MOD=-D__KERNEL__ -DMODULE -fomit-frame-pointer -fno-strict-aliasing -pipe -mpreferred-stack-boundary=2 + #LD_MOD=-r + +-all: sdel-lib.o srm sfill sswap smem sdel-mod.o +- @echo +- @echo "A Puritan is someone who is deathly afraid that someone, somewhere, is" +- @echo "having fun." +- @echo +- @echo "I hope YOU have fun!" +- @echo ++all: sdel-lib.o srm sfill sswap smem ++# @echo ++# @echo "A Puritan is someone who is deathly afraid that someone, somewhere, is" ++# @echo "having fun." ++# @echo ++# @echo "I hope YOU have fun!" ++# @echo + + sdel-mod.o: sdel-mod.c + $(CC) $(OPT) $(OPT_MOD) $(LD_MOD) -I/lib/modules/`uname -r`/build/include -c sdel-mod.c +@@ -23,32 +23,28 @@ + + srm: srm.c + $(CC) ${OPT} -o srm srm.c sdel-lib.o +- -strip srm + sfill: sfill.c + $(CC) ${OPT} -o sfill sfill.c sdel-lib.o +- -strip sfill + sswap: sswap.c + $(CC) ${OPT} -o sswap sswap.c sdel-lib.o +- -strip sswap + smem: smem.c + $(CC) ${OPT} -o smem smem.c sdel-lib.o +- -strip smem + + clean: + rm -f sfill srm sswap smem sdel sdel-lib.o sdel-mod.o core *~ + + install: all + mkdir -p -m 755 ${INSTALL_DIR} 2> /dev/null +- rm -f sdel && ln -s srm sdel +- cp -f sdel srm sfill sswap smem the_cleaner.sh ${INSTALL_DIR} +- chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem ${INSTALL_DIR}/the_cleaner.sh +- mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null +- cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1 +- chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1 +- mkdir -p -m 755 ${DOC_DIR} 2> /dev/null +- cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR} +- -test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char ++# rm -f sdel && ln -s srm sdel ++ cp -f srm sfill sswap smem ${INSTALL_DIR} ++ chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem ++# mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null ++# cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1 ++# chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1 ++# mkdir -p -m 755 ${DOC_DIR} 2> /dev/null ++# cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR} ++# -test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char + # @-test '!' -e sdel-mod.o -a `uname -s` = 'Linux' && echo "type \"make sdel-mod install\" to compile and install the Linux loadable kernel module for secure delete" +- @echo +- @echo "If men could get pregnant, abortion would be a sacrament." +- @echo ++# @echo ++# @echo "If men could get pregnant, abortion would be a sacrament." ++# @echo +--- secure-delete-3.1.orig/srm.c ++++ secure-delete-3.1/srm.c +@@ -110,7 +110,7 @@ + if ( (filestat.st_dev != controlstat.st_dev) || (filestat.st_ino != controlstat.st_ino) ) { + fprintf(stderr, "Race found! (directory %s became a link)\n", filename); + } else { +- if ((dir = opendir (".")) != NULL) { ++ if ((dir = opendir (".")) < 0) { + (void) chmod(".", 0700); /* ignore permission errors */ + dir = opendir ("."); + } +@@ -166,8 +166,10 @@ + return 3; + } + +- if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0) ++ if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0) { ++ close(fd); + return sdel_unlink(filename, 0, 1, slow); ++ } + } /* end IS_REG() */ + else { + if (S_ISDIR(filestat.st_mode)) { +--- secure-delete-3.1.orig/smem.1 ++++ secure-delete-3.1/smem.1 +@@ -3,16 +3,16 @@ + .if n .sp + .if t .sp 0.4 + .. +-.TH SMEM 1 ++.TH SDMEM 1 + + .SH NAME +-smem \- secure memory wiper (secure_deletion toolkit) ++sdmem \- secure memory wiper (secure_deletion toolkit) + + .SH SYNOPSIS +-.B smem [-f] [-l] [-l] [-v] ++.B sdmem [-f] [-l] [-l] [-v] + + .SH DESCRIPTION +-.I smem ++.I sdmem + is designed to delete data which may lie still in your memory (RAM) + in a secure manner which can not be recovered by thiefs, law enforcement + or other threats. +@@ -24,7 +24,7 @@ + .PP + The + .I secure data deletion +-process of smem goes like this: ++process of sdmem goes like this: + .PP + .TP + .B * +@@ -51,20 +51,26 @@ + and a final random one. + .TP + .B \-l +--l for a second time lessons the security even more: only one pass with ++\-l for a second time lessons the security even more: only one pass with + 0x00 is written. + .TP + .B \-v + verbose mode + .PP + ++.SH NOTE ++.TP ++This utility was originally called ++.I smem ++but was renamed for debian to avoid name clashes with another package. ++ + .SH BEWARE + .TP + .B SLOW +-Wiping the memory is very slow. You might use smem with the -ll option. (tip) ++Wiping the memory is very slow. You might use sdmem with the \-ll option. (tip) + .TP + .B BETA! +-.I smem ++.I sdmem + is still beta. + + .PP +@@ -84,7 +90,7 @@ + can be obtained from + .I http://www.thc.org + .Sp +-.I smem ++.I sdmem + and the + .I secure_deletion package + is (C) 1997-2003 by van Hauser / THC (vh@thc.org) +--- secure-delete-3.1.orig/sswap.1 ++++ secure-delete-3.1/sswap.1 +@@ -49,7 +49,7 @@ + a final mode with random values. + .TP + .B \-l +--l for a second time lessons the security even more: only one pass with ++\-l for a second time lessons the security even more: only one pass with + random values is written. + .TP + .B \-v +@@ -106,5 +106,5 @@ + (1), + .I sfill + (1), +-.I smem ++.I sdmem + (1) diff --git a/system/secure-delete/secure-delete.info b/system/secure-delete/secure-delete.info new file mode 100644 index 0000000000..958f8ccd55 --- /dev/null +++ b/system/secure-delete/secure-delete.info @@ -0,0 +1,10 @@ +PRGNAM="secure-delete" +VERSION="3.1" +HOMEPAGE="https://www.thc.org/releases.php?q=delete/" +DOWNLOAD="https://www.thc.org/releases/secure_delete-3.1.tar.gz" +MD5SUM="aabbd7e77bf96b326d260f16fb7f8bba" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Edinaldo P. Silva" +EMAIL="edps.mundognu@gmail.com" diff --git a/system/secure-delete/slack-desc b/system/secure-delete/slack-desc new file mode 100644 index 0000000000..67a5452d55 --- /dev/null +++ b/system/secure-delete/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +secure-delete: secure-delete (wipe files, free disk space, swap and memory) +secure-delete: +secure-delete: Gutmann method based tools for securely wiping data. +secure-delete: +secure-delete: Home page: https://www.thc.org/releases.php?q=delete/ +secure-delete: +secure-delete: +secure-delete: +secure-delete: +secure-delete: +secure-delete: -- cgit v1.2.3