Enhancement: do a secure wipe instead of rm -rf
Closed this issue · 4 comments
When cleaning up the temporary files, they are removed via rm -rf. On most filesystems, this does not securely delete the files. It might make sense to use something like "wipe" to remove the files instead (OTOH, secure deletion from disk is hard. Maybe put the temporary files only in a memory-backed filesystem instead?).
Absolutely. In fact, this has been planned from the start, but simply didn't make it into today's release due to time constraints (I even claim that we already do so in the video, cough...).
Watch this space :)
Just as an idea, you could loop-mount an encrypted container, save the files there and afterwards delete the container and the crypto key to access it. That would prevent clear-text data from being saved on disk.
From my point of view there is no need to create any unencrypted "file" in the filesystem in the first place. You may spawn any of your file processing stuff (not all converters are shown, but as long as they are able to read from stdin and write to stdout you are fine) from within Python itself (http://docs.python.org/library/subprocess.html), and GnuPG encryption can be done in Python as well (e.g. http://code.google.com/p/python-gnupg/).
You can hold all files in memory (read -> http://docs.python.org/library/mmap.html and http://docs.python.org/library/stringio.html), so there is no need to write a single byte to your filesystem.
Even if the files only exist for a couple of seconds and you correctly remove/overwrite the files, this is a looooong time in informatics. I know this is a lot of work, but if you really want to limit any possible access to unencrypted data, then just don't write it to the disk.
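As an added illustration of the approach suggested in the comment above (not code from this project or from the commenter): a small in-memory conversion chain in Python. Each stage is a filter-style converter that reads stdin and writes stdout, intermediate results are held as `bytes` objects, and nothing is written to the filesystem. The stage names (`UPPERCASE`, `STRIP_NONASCII`, `FAILING`) and the Python one-liners standing in for real converters are constructed for the example; `gpg_encrypt_stage` uses the `gpg` command line as a stand-in for python-gnupg and assumes a `gpg` binary with a key for the recipient, and it is not exercised by the demo.

```python
"""In-memory conversion chain: every converter reads stdin and writes stdout.

Nothing in this module touches the filesystem; intermediates live in Python
bytes objects. Caveat from the thread: the kernel may still page that memory
to swap, so this only removes *file* writes, not every on-disk trace.
"""
import subprocess
import sys


def run_filter(argv, data, timeout=60):
    """Run one stdin->stdout converter on `data` and return its stdout bytes.

    subprocess.run() with input= and capture_output= pumps stdin, stdout and
    stderr concurrently, so a large input cannot deadlock against a large
    output (the classic mistake is writing all of stdin before reading stdout).
    """
    try:
        proc = subprocess.run(argv, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired as exc:
        raise RuntimeError(f"{argv[0]}: timed out after {timeout}s") from exc
    if proc.returncode != 0:
        err = proc.stderr.decode(errors="replace").strip()
        raise RuntimeError(f"{argv[0]} exited {proc.returncode}: {err}")
    return proc.stdout


def run_chain(stages, data, timeout=60):
    """Feed `data` through each stage in order; the output of one is the input of the next."""
    for argv in stages:
        data = run_filter(argv, data, timeout)
    return data


def gpg_encrypt_stage(recipient):
    """argv for a GnuPG stage (assumption: gpg is installed and `recipient` has a key).

    With no file argument gpg reads the plaintext from stdin and writes the
    ciphertext to stdout, so it fits the chain like any other converter.
    """
    return ["gpg", "--batch", "--quiet", "--encrypt", "--recipient", recipient]


# Constructed demo stages: Python one-liners stand in for real converters so
# the example runs anywhere. A real stage would be e.g. a PDF-to-text tool
# invoked with "-" for both input and output file.
UPPERCASE = [sys.executable, "-c",
             "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read().upper())"]
STRIP_NONASCII = [sys.executable, "-c",
                  "import sys; sys.stdout.buffer.write("
                  "bytes(b for b in sys.stdin.buffer.read() if b < 128))"]
FAILING = [sys.executable, "-c",
           "import sys; sys.stderr.write('bad input\\n'); sys.exit(3)"]


def demo():
    """Run a constructed sample through two stages without creating any file."""
    sample = "Geheim: ünd Ärger\n".encode()  # constructed input, never written to disk
    return run_chain([STRIP_NONASCII, UPPERCASE], sample)


if __name__ == "__main__":
    print(demo())
```

A failing stage raises with its exit status and captured stderr instead of silently passing partial output to the next stage, which matters here because a half-converted buffer is exactly the kind of artifact you would otherwise have to chase down and wipe.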
Added a test for srm in ea714ec..53b64dd, using this instead of rm.
@xrayn: Once you go so far, you would also need encrypted swap, etc. I will see if we can pipe it to the tools that are in the development pipeline, e.g. virus scanner … but when it comes to securely extracting archives it gets very hard to keep everything in memory. I think before introducing more complexity, we should focus on implementing things with tools that are easily available.