Find the answer to your Linux question:
Results 1 to 5 of 5
Hello all! Closed source applications used on our server use the unlink system call to delete files. My goal is to make it so unlink system call actually shreds/wipes the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2011
    Posts
    2

    Lightbulb Modify UNLINK system call so that it is a WIPE and then UNLINK?


    Hello all!

    Closed source applications used on our server use the unlink system call to delete files.

    My goal is to make it so unlink system call actually shreds/wipes the file a set number of times before it returns area to the filesystem.

    How would you approach this task?

    Thanks for your suggestions!

    s1sw

    PS I think this is security and also an OS question, I'll start a thread linking to this one in other areas of the forum hoping this is not against any rule, so any input by other users would remain in one thread.

  2. #2
    Just Joined!
    Join Date
    Nov 2008
    Posts
    3
    Hello!
    I actually don't understand what particularly is this question about. If you try to figure out how to replace a system function for a while, there is enough info in the net how to do this. Look for subjects like linux kernel development, system calls replacements, kernel module programming or something like that.
    In a nutshell, you should write a kernel module in which you replace "unlink" call with your own. Inside your call you do whatever you want and after that you call a standard "unlink" system call.
    Sorry if i haven't caught what it's all about here...

  3. #3
    oz
    oz is offline
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    Quote Originally Posted by s1sw View Post
    I'll start a thread linking to this one in other areas of the forum hoping this is not against any rule
    Hello and welcome to the forums!

    Sorry, but redirects and duplicates are not allowed, so those that you've posted have been deleted:

    http://www.linuxforums.org/forum/lin...ums-rules.html
    oz

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,763

    Lightbulb

    Quote Originally Posted by nasekomoe View Post
    Hello!
    In a nutshell, you should write a kernel module in which you replace "unlink" call with your own. Inside your call you do whatever you want and after that you call a standard "unlink" system call.
    Agree. If you can't modify the source code of your application (writing some random data on file and then sync & delete) Only other option is to add kernel module to intercept/modify unlink () call to wipe out data addresses. But the drawback would be this module needs to be available/loaded at all machines where you want to run the application.

    And also this going to tricky, It also depends on what kind of File system you are using? If you are using ext3 on one machine and ext4 on another - then probably you have to write two modules and load them at appropriate place.
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  6. #5
    Just Joined!
    Join Date
    Jun 2011
    Posts
    1
    You can set a wrapper using LD_PRELOAD, too.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •