/* shred.c - Overwrite a file to securely delete * * Copyright 2014 Rob Landley <rob@landley.net> * * No standard USE_SHRED(NEWTOY(shred, "<1zxus#<1n#<1o#<0f", TOYFLAG_USR|TOYFLAG_BIN)) config SHRED bool "shred" default y help usage: shred [-fuz] [-n COUNT] [-s SIZE] FILE... Securely delete a file by overwriting its contents with random data. -f Force (chmod if necessary) -n COUNT Random overwrite iterations (default 1) -o OFFSET Start at OFFSET -s SIZE Use SIZE instead of detecting file size -u Unlink (actually delete file when done) -x Use exact size (default without -s rounds up to next 4k) -z Zero at end Note: data journaling filesystems render this command useless, you must overwrite all free space (fill up disk) to erase old data on those. */ #define FOR_shred #include "toys.h" GLOBALS( long o, n, s; ) void shred_main(void) { char **try; if (!(toys.optflags & FLAG_n)) TT.n++; // We don't use loopfiles() here because "-" isn't stdin, and want to // respond to files we can't open via chmod. for (try = toys.optargs; *try; try++) { off_t pos = 0, len = TT.s; int fd = open(*try, O_RDWR), iter = 0, throw; // do -f chmod if necessary if (fd == -1 && (toys.optflags & FLAG_f)) { chmod(*try, 0600); fd = open(*try, O_RDWR); } if (fd == -1) { perror_msg_raw(*try); continue; } // determine length if (!len) len = fdlength(fd); if (len<1) { error_msg("%s: needs -s", *try); close(fd); continue; } // Loop through, writing to this file for (;;) { // Advance to next -n or -z? if (pos >= len) { pos = -1; if (++iter == TT.n && (toys.optargs && FLAG_z)) { memset(toybuf, 0, sizeof(toybuf)); continue; } if (iter >= TT.n) break; } if (pos < TT.o) { if (TT.o != lseek(fd, TT.o, SEEK_SET)) { perror_msg_raw(*try); break; } pos = TT.o; } // Determine length, read random data if not zeroing, write. throw = sizeof(toybuf); if (toys.optflags & FLAG_x) if (len-pos < throw) throw = len-pos; if (iter != TT.n) xgetrandom(toybuf, throw, 0); if (throw != writeall(fd, toybuf, throw)) perror_msg_raw(*try); pos += throw; } if (toys.optflags & FLAG_u) if (unlink(*try)) perror_msg("unlink '%s'", *try); } }