![File deletion programs](https://knopkazmeya.com/16.png)
Companies boasting use of 'DOD-approved' or 'NSA-approved' methods are citing standards for something entirely different - volatile memory - a subtlety they don't bother telling you about - naturally. On this the DOD and the NSA are unequivocal: The only secure delete for permanent media such as computer hard drives is incineration. There never has been and there never will be. "There is no such thing as 'DOD' or 'NSA' secure delete for hard drives. His research is today the 'industry standard' work on the subject.ĭr Gutmann is also quick to understand that 'MILITARY', 'NISPOM', 'DOD' and 'NSA' algorithms are at best just so much smoke-screening, and for precisely the reason cited above, and therefore focused his research on what he knew the DOD and the NSA had to focus on: actual physical recording technology characteristics." His analysis of their encoding techniques became the basis of his approach to secure deletion. "The NSA does not approve overwrite as an effective method for sanitizing hard disk media" [Dave Federspiel, Data Security, Inc) 1Īnd more so, "Dr Peter Gutmann of the University of Auckland (NZ) made an exhaustive study of hard drive media a few years back. For simple processes, it is sufficient if the process requesting the temporary file forks and expects the child to own the file thereafter (and exits) then the daemon has a problem detecting when the last process using it dies - because it doesn't automatically know the processes that have it open.Hello, I would like to know if there is any references regarding the so-called "NSA" overwrite and where information can be obtained on this method, if it even exists. Note that signal handling is an imperfect strategy SIGKILL cannot be caught, and the atexit() handler won't be called, and the file will be left around.ĭavid Segond's suggestion - a temporary file name daemon - is interesting. You would also document that you do this, and the signals for which you do it.
#FILE DELETION PROGRAMS INSTALL#
You would also install an atexit() handler. When your handler was called, you'd do whatever you need to do, and then call the remembered handler, thus chaining the handlers. If the default handler is SIG_IGN, you wouldn't normally install your own handler if it is SIG_DFL, you would remember that if it is something else - a user-defined signal handler - you would remember that pointer, and install your own. You could keep track of the signal handlers installed before you install your signal handlers. I would consider combining a signal handling strategy with what Kamil Kisiel suggests. If not, then there probably isn't a perfect solution. The requirement that the name remains visible while the process is running makes this hard to achieve.
![file deletion programs file deletion programs](https://cdn.windowsreport.com/wp-content/uploads/2020/04/CCleaner-2.png)
This also explains why I need the name to remain visible (making the immediate-unlink approach unworkable): the "file" must be shared between two or more processes. (I've mounted the virtual filesystem in /dev/mqueue, following the example in man mq_overview). This makes the current most popular answer (placing the file in /tmp) unworkable, because the "file" is created by the system in a virtual filesystem with very limited capacity. All of this makes it analogous to a regular file, except that I cannot choose the directory in which the file resides. It can be removed from the system via mq_unlink(). It can be closed via mq_close() or close() (the former is an alias for the latter on my system). The "file" in this case is not strictly a normal file, but rather is a POSIX Message Queue. I elided one detail in my original post which I now realize I should have included.
![file deletion programs file deletion programs](https://www.thewindowsclub.com/wp-content/uploads/2017/09/Recover-deleted-files-folders-500x398.jpg)
atexit(3): apparently useless, since it isn't called during abnormal termination (e.g.I might consider some clever use of sigaction(2) to cope.but haven't put enough thought into this possibility yet. For example, what if the application uses signals itself? I don't want to step on any toes. signals: I'm writing a low-level library which makes registering a signal handler a tricky proposition.RAII: been there, done that: I have an object whose destructor deletes the file, but the destructor is not called if the program is terminated by a signal.None of these seem like a complete and straightforward solution: I know I can open the file and delete it immediately and the file will remain accessible until the file descriptor is closed (which even handles a crash). I could understand that in the case of a program crash it may not be practical to guarantee this, but in any other case I'd like it to work.
![file deletion programs file deletion programs](http://www.secureaction.com/master-shredder/graphics/screenshot.gif)
I want to open a temporary file which will always be deleted upon program termination. Win32's CreateFile has FILE_FLAG_DELETE_ON_CLOSE, but I'm on Linux.
![File deletion programs](https://knopkazmeya.com/16.png)